Remove public key from secret key
Ivan Peev
ivan.peev at gmail.com
Sun Jun 15 17:36:47 CEST 2008
Thank you for the verbose answer Peter. What I actually ended up doing is
simply signing the required data with a private key and verifying the signed
data with the public key on the exposed machine. I realized I don't need
encryption, but a way to guarantee the data is generated by me.
Thank you again for your time.
Regards,
Ivan
On Sun, Jun 15, 2008 at 9:43 AM, Peter Lebbing <peter at digitalbrains.com>
wrote:
> Ivan Peev wrote:
> > Is there a way to export the secret key without the public key or remove
> > the public key from exported secret key? I'm trying the following
> scenario:
> >
> > 1. Encrypt data with particular public key on one machine.
> > 2. Decrypt data with related secret key on another machine.
> >
> > Basically I don't want someone to be able to generate data, which can be
> > decrypted with the related secret key.
>
> At least with RSA, the public key can be computed with just the secret key.
> So it would never be cryptographically secure, it only takes some effort on
> the part of the attacker to break the scheme.
>
> I obviously don't know your exact requirements, but instead of trying to
> make something designed to be public private, perhaps this will accomplish
> your goal:
>
> Create two keypairs, A and B.
>
> The machine mentioned under point 1. above has the public key of keypair A
> and the private key of keypair B.
>
> The machine mentioned under point 2. has the private key A and public key
> B.
>
> The program encrypting on machine 1. encrypts to key A and signs with key
> B.
>
> The program decrypting on machine 2. only accepts data encrypted to key A
> and /signed with key B/.
>
> Now someone with access to the keyring on machine 2. cannot create
> encrypted
> data that is accepted by the decryption program, because he cannot sign it
> with key B.
>
> HTH,
>
> Peter Lebbing.
>
> --
> I'm using the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at http://wwwhome.ewi.utwente.nl/~lebbing/pubkey.txt<http://wwwhome.ewi.utwente.nl/%7Elebbing/pubkey.txt>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20080615/c4a7d22f/attachment.htm>
More information about the Gnupg-users
mailing list