key handling ?s
Warren, Tony
tonyw@prairiesys.com
Thu, 29 May 2003 15:22:28 -0500
Greetings all,

I am trying to determine the best method to store a single pair of libgcrypt-generated public keys (currently using rsa, but it shouldn't matter anyway) for long-term use. We want to keep the secret key completely separated (on floppy, or secure file, or some other very-restricted location) and the public key available to our webserver (in any format, as long as it can be written once, then read/recreated at will). I want the user to only need the filenames for the *pKey and *encryptedFile, with my library functions doing all the libgcrypt functions transparently. It would be nice if there were an export-key function for either public keys (useful) or secret keys (useful for me, but scary in general).

From the advice given on this list previously, it sounds like the suggested method would be to save the n,e values in publicKey in an array (as mpi?) and store that as a file. Same with (n,e,d,p,q) values for secretKey. Then pass filename to function, recreate the sexp on the fly and perform the encryption/decryption... Is this the most correct method? Is it possible/better to save the publicKey in another format that is more straightforward? (like gpg's ascii-armored -- can Libgcrypt de-armor & make an sexp from that format?)

I realized there are more questions in this post than practical, but if I can get any assistance on these matters, I would be very grateful.

Thank you in advance for any assistance.

-- 
Tony Warren
garbaj@prairiesys.com
<}-:
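The public-key file described in the message, as an added example (not part of the original post and not libgcrypt's own code): stand-alone C that writes n and e as a canonical, length-prefixed S-expression in the (public-key (rsa (n ...)(e ...))) layout and reads it back, refusing anything else, a private-key expression included. The function names, the MAX_MPI bound and the exact-layout check are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#define MAX_MPI 1024 /* assumed upper bound per value, in bytes */

/* Write (public-key (rsa (n ..)(e ..))) in canonical form; returns length, 0 on error. */
size_t pub_to_csexp(const unsigned char *n, size_t nlen, const unsigned char *e,
                    size_t elen, unsigned char *out, size_t cap) {
    char h1[64], h2[32];
    if (!nlen || !elen || nlen > MAX_MPI || elen > MAX_MPI) return 0;
    int a = snprintf(h1, sizeof h1, "(10:public-key(3:rsa(1:n%zu:", nlen);
    int b = snprintf(h2, sizeof h2, ")(1:e%zu:", elen);
    size_t need = (size_t)a + nlen + (size_t)b + elen + 3;
    if (need > cap) return 0;
    memcpy(out, h1, (size_t)a); out += a;
    memcpy(out, n, nlen);       out += nlen;
    memcpy(out, h2, (size_t)b); out += b;
    memcpy(out, e, elen);       out += elen;
    memcpy(out, ")))", 3);
    return need;
}

/* Consume the literal s at *p, or fail without reading past end. */
static int lit(const unsigned char **p, const unsigned char *end, const char *s) {
    size_t k = strlen(s);
    if ((size_t)(end - *p) < k || memcmp(*p, s, k) != 0) return 0;
    *p += k;
    return 1;
}

/* Read one "<len>:<bytes>" atom; the length is bounded before it is trusted. */
static int atom(const unsigned char **p, const unsigned char *end,
                const unsigned char **v, size_t *vlen) {
    const unsigned char *q = *p;
    size_t len = 0;
    if (q == end || *q < '1' || *q > '9') return 0; /* no empty or zero-padded length */
    while (q < end && *q >= '0' && *q <= '9')
        if ((len = len * 10 + (size_t)(*q++ - '0')) > MAX_MPI) return 0;
    if (q == end || *q++ != ':' || (size_t)(end - q) < len) return 0;
    *v = q; *vlen = len; *p = q + len;
    return 1;
}

/* Accept only the exact public-key layout written above; n and e point into buf. */
int csexp_to_pub(const unsigned char *buf, size_t len, const unsigned char **n,
                 size_t *nlen, const unsigned char **e, size_t *elen) {
    const unsigned char *p = buf, *end = buf + len;
    return (lit(&p, end, "(10:public-key(3:rsa(1:n") && atom(&p, end, n, nlen) &&
            lit(&p, end, ")(1:e") && atom(&p, end, e, elen) &&
            lit(&p, end, ")))") && p == end) ? 0 : -1;
}
```

A buffer that passes csexp_to_pub() is the one that would then be given to libgcrypt's gcry_sexp_new() to rebuild the S-expression for encryption; the file on the web server never needs to hold d, p or q.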