Hi Petr,
On Fri, Jun 22, 2007 at 03:01:04PM +0400, Peter Grigoriev wrote:
> Does it mean that being asked for private data the workflow will first
> use an asymmetric algorithm to extract the symmetric key and then decrypt
> the data?
Yes. But good that you asked, because we figured we don't need to
deal with the symmetric keys ourselves, but we can just use PKCS#7
which would do this for us. So the current plan is to just have one
workflow that encrypts / decrypts using the certificate/key pair defined
in the server config and PKCS#7. If you want to follow my work, I'll put
it into my password_safe Git branch.
> This way we can gain something only if the size of data requested
> is rather large.
Define "rather large" ... :-) Nonetheless, even with small data, the
overhead from the hybrid encryption should probably be negligible.
> Otherwise we could use the asymmetric key to encrypt data.
> I cannot imagine a real example of a large piece of data one needs to store
> in a CA.
Neither can I at the moment, but you never know what might happen ...
Best regards,
Alex
--
Dipl.-Math. Alexander Klink | IT-Security Engineer
[EMAIL PROTECTED] | working @ urn:oid:1.3.6.1.4.1.11417
_______________________________________________
OpenXPKI-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-devel
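
Added example (not part of the original message and not OpenXPKI code): the hybrid scheme discussed above, reproduced with the openssl command line. It wraps data in PKCS#7 enveloped-data for a throwaway certificate and contrasts that with encrypting directly under the RSA key, which only works for payloads smaller than the key size. The certificate subject, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed test key/cert and payloads, not OpenXPKI code.
WORK=$(mktemp -d)

# Throwaway self-signed certificate/key pair standing in for the pair
# that would be defined in the server config (assumption).
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=datapool-test" \
        -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1
}

# Create a constructed payload of $1 bytes (all 'A').
make_payload() {
    head -c "$1" /dev/zero | tr '\0' 'A' > "$WORK/plain.$1"
}

# PKCS#7 enveloped-data: a random AES key encrypts the data and the
# certificate's RSA key encrypts that AES key. The caller never handles
# the symmetric key. Returns 0 if decryption restores the exact payload.
p7_roundtrip() {
    make_payload "$1"
    openssl smime -encrypt -aes256 -binary -outform DER \
        -in "$WORK/plain.$1" -out "$WORK/enc.$1.p7" "$WORK/cert.pem" &&
    openssl smime -decrypt -binary -inform DER \
        -in "$WORK/enc.$1.p7" -out "$WORK/dec.$1" \
        -recip "$WORK/cert.pem" -inkey "$WORK/key.pem" &&
    cmp -s "$WORK/plain.$1" "$WORK/dec.$1"
}

# Direct RSA encryption under the certificate's public key.
# Succeeds only while the payload fits in one RSA block
# (at most 245 bytes for a 2048-bit key with PKCS#1 v1.5 padding).
rsa_direct() {
    make_payload "$1"
    openssl pkeyutl -encrypt -certin -inkey "$WORK/cert.pem" \
        -in "$WORK/plain.$1" -out "$WORK/rsa.$1" 2>/dev/null
}

make_pair
```

Calling `p7_roundtrip` with 16 and with 100000 bytes succeeds in both cases, while `rsa_direct` succeeds only for the 16-byte payload.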