Sending Public Key

Janusz A. Urbanowicz alex at
Sun Feb 11 18:58:40 CET 2007

On Sat, Feb 10, 2007 at 02:13:42PM -0700, jason heddings wrote:
> I'm making use of libgcrypt for a specific encryption application.  I'm
> assuming that the following is secure:
> - Use libgcrypt to create a keypair
> - Save the S-exp to an internal, protected keystore
> - Base64 encode the public-key portion of the S-exp
> - Broadcast the base64-encoded key to associated clients
> - Use the broadcasted public-key to encrypt data
> - Send encrypted data back to a server containing the keystore
> - Only server can decrypt encrypted data using private keys
> Can someone please correct me if I am wrong?  Is there a problem with this
> approach, or perhaps a better one?

Without a detailed specification of the protocol it is almost impossible,
but for starters, do not encrypt actual non-random data with a pubkey.

It is always bad idea to roll your own crypto protocol, use SSL/TLS or
OpenPGP or CMS, or XML cryptography if possible.

JID: alex at
PGP: 0x46399138
od zwracania uwagi na detale są lekarze, adwokaci, programiści i zegarmistrze
 -- Czerski

More information about the Gnupg-users mailing list