Newbee question
Neil Williams
linux at codehelp.co.uk
Wed Nov 17 12:10:56 CET 2004
On Wednesday 17 November 2004 9:55 am, Johnson Jeba Asir wrote:
> 1. The client has to encrypt the messages with its key
> 2. the Client keys should be updated to the server
> 3. Using the client key the server has to decrypt the
>
> message
To do this, the server needs the secret key of the client. This may be
insecure. Can't the server have it's own key? Does the server need a key at
all - if you just want to encrypt something during transport, use SSH and
it's partner scp which use the same security as https://
> 2. gpg --armor --export gpg at localhost > mykey.txt
You haven't exported the secret key yet - it's a separate option because it
has security implications and shouldn't be used without thinking through the
problems. Once you export a secret key and copy it to another machine, the
chances of the key being compromised increase. If this is to be your personal
key, it would be better to use a key for you and a separate key for the
server. Better still, find a way for the server to not do the decryption
itself if you cannot solve the security problems.
gpg -a --export-secret-key gpg at localhost > mysecretkey.txt
> 3. gpg -e -r gpgclient plain.txt (after the above
> command i was able to see a plain.txt.gpg binary file)
>
> The mykey.txt and plain.txt.gpg files are transfered
> to the PC2
And mysecretkey.txt
>
> from PC2
>
> 1. gpg --import mykey.txt
> (Got the key added message)
gpg --import mysecretkey.txt
> 2. gpg -d < plain.text.gpg
Hence:
> gpg: decryption failed: secret key not available
gpg is right, the secret key needed to decrypt the message (the client secret
key) isn't available.
--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20041117/475bc7cc/attachment.bin
More information about the Gnupg-users
mailing list