Sending Public Key

jason heddings rocket at
Mon Feb 12 15:15:44 CET 2007

Thanks for the reply...

I think I'm missing something, then...  Does that mean the operations
provided by libgcrypt are not secure to use by themselves? 


-----Original Message-----
From: Janusz A. Urbanowicz [mailto:alex at] On Behalf Of Janusz A.
Sent: Sunday, 11 February, 2007 10:59
To: jason heddings
Cc: gnupg-users at
Subject: Re: Sending Public Key

On Sat, Feb 10, 2007 at 02:13:42PM -0700, jason heddings wrote:
> I'm making use of libgcrypt for a specific encryption application.  I'm
> assuming that the following is secure:
> - Use libgcrypt to create a keypair
> - Save the S-exp to an internal, protected keystore
> - Base64 encode the public-key portion of the S-exp
> - Broadcast the base64-encoded key to associated clients
> - Use the broadcasted public-key to encrypt data
> - Send encrypted data back to a server containing the keystore
> - Only server can decrypt encrypted data using private keys
> Can someone please correct me if I am wrong?  Is there a problem with this
> approach, or perhaps a better one?

Without a detailed specification of the protocol it is almost impossible,
but for starters, do not encrypt actual non-random data with a pubkey.

It is always bad idea to roll your own crypto protocol, use SSL/TLS or
OpenPGP or CMS, or XML cryptography if possible.

JID: alex at
PGP: 0x46399138
od zwracania uwagi na detale są lekarze, adwokaci, programiści i
 -- Czerski

More information about the Gnupg-users mailing list