Newbee question

Neil Williams linux at codehelp.co.uk
Wed Nov 17 12:10:56 CET 2004


On Wednesday 17 November 2004 9:55 am, Johnson Jeba Asir wrote:

> 1. The client has to encrypt the messages with its key
> 2. the Client keys should be updated to the server
> 3. Using the client key the server has to decrypt the
>    message

To do this, the server needs the secret key of the client. This may be
insecure. Can't the server have its own key? Does the server need a key at
all - if you just want to encrypt something during transport, use SSH and
its partner scp which use the same security as https://

> 2. gpg --armor --export gpg@localhost > mykey.txt
You haven't exported the secret key yet - it's a separate option because it 
has security implications and shouldn't be used without thinking through the 
problems. Once you export a secret key and copy it to another machine, the 
chances of the key being compromised increase. If this is to be your personal 
key, it would be better to use a key for you and a separate key for the 
server. Better still, find a way for the server to not do the decryption 
itself if you cannot solve the security problems. 

gpg -a --export-secret-key gpg@localhost > mysecretkey.txt

> 3. gpg -e -r gpgclient plain.txt (after the above
> command I was able to see a plain.txt.gpg binary file)
>
> The mykey.txt and plain.txt.gpg files are transferred
> to the PC2

And mysecretkey.txt

>
> from PC2
>
> 1. gpg --import mykey.txt
>    (Got the key added message)

gpg --import mysecretkey.txt

> 2. gpg -d < plain.text.gpg

Hence:

> gpg: decryption failed: secret key not available

gpg is right, the secret key needed to decrypt the message (the client secret 
key) isn't available.

-- 

Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
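
The arrangement suggested in the reply above (the server has its own key and only its public key is copied to the client), as an added example that is not part of the original message. It assumes GnuPG 2.1 or later; the user ID, file names and the empty passphrase are constructed for an unattended demo.

```shell
#!/bin/sh
# Added example: client and server each get their own GnuPG home directory,
# and only the server ever holds a secret key.
SERVER_UID='server@example.invalid'   # hypothetical user ID for the server key

gpg_server() { gpg --homedir "$WORK/server" --batch --quiet "$@"; }
gpg_client() { gpg --homedir "$WORK/client" --batch --quiet "$@"; }

demo_roundtrip() {
    WORK=$(mktemp -d) || return 1
    mkdir -m 700 "$WORK/server" "$WORK/client" || return 1

    # Server: generate its own key pair. The empty passphrase is a demo
    # shortcut so the run needs no pinentry; protect a real key.
    gpg_server --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$SERVER_UID" default default never \
        2>/dev/null || return 1

    # Server -> client: only the PUBLIC key leaves the server.
    gpg_server --armor --export "$SERVER_UID" > "$WORK/server-pub.asc"
    gpg_client --import "$WORK/server-pub.asc" 2>/dev/null || return 1

    # Client: encrypt to the server's public key. "--trust-model always"
    # skips the ownertrust check because this demo never certifies the key.
    printf 'constructed sample message\n' > "$WORK/plain.txt"
    gpg_client --trust-model always -e -r "$SERVER_UID" \
        -o "$WORK/plain.txt.gpg" "$WORK/plain.txt" || return 1

    # Client: decryption must fail here, because the matching secret key
    # exists only in the server's home directory.
    if gpg_client -d "$WORK/plain.txt.gpg" >/dev/null 2>&1; then
        CLIENT_RESULT=decrypted
    else
        CLIENT_RESULT=failed
    fi

    # Server: decryption succeeds with the server's own secret key.
    SERVER_PLAIN=$(gpg_server -d "$WORK/plain.txt.gpg" 2>/dev/null)

    # Stop the per-homedir agents and remove the throwaway keyrings.
    gpgconf --homedir "$WORK/server" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$WORK/client" --kill gpg-agent 2>/dev/null || true
    rm -rf "$WORK"
}
```

After `demo_roundtrip` returns, `CLIENT_RESULT` holds the outcome of the client-side decryption attempt and `SERVER_PLAIN` holds the plaintext recovered on the server side.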