AW: Security of message when private key is exposed but password isn't?

Huels, Ralf SCORE
Wed Aug 28 18:24:02 2002


> The way I'm currently doing this is that I have
> created a single public/private key pair and messages are
> encrypted with that key as the recipient and also the
> sender. This enables messages to be encrypted without the
> use of the secret password and be decrypted with it. 

I don't understand this. Am I being dense? The passphrase is
never used when encrypting. You just need the recipient's 
public key. The passphrase has got nothing to do with that.
So you can have your users store the encrypted stuff in the
DB with no concern about the secret key.

If you set your permissions so that only the DB admin who
has to retrieve the data can access it, you should have no 
If you're paranoid and your DB setup permits it, you could
even transfer a DB dump to a safe machine and do the 
retrieval there without ever having to expose the secret

Did I misunderstand your problem?