07-31-2006, 06:17 AM
|
#1
|
Member
Registered: Mar 2006
Distribution: FC4
Posts: 184
Rep:
|
public key encryption
Hi,
Although I'm googling this topic, I thought it would be wise to post this question on the forum too.
I wanted to know:
Can I encrypt a document using my public key, and then send this public key over my intranet to the respective users so that they can decrypt my document using my public key?
In short, I want a
one-to-many relationship.
Thanks
Danish
|
|
|
07-31-2006, 06:41 AM
|
#2
|
Member
Registered: Nov 2005
Posts: 144
Rep:
|
When you encrypt a file, you use the public key of your intended recipient. He will have to use his private (secret) key to decrypt your message. If you want to encrypt a document for multiple recipients, you have to encrypt it with each one's personal public key.
On Linux systems, you usually use gpg. Just visit www.Gnupg.org for Howtos and FAQs.
Have fun,
Lotharster
|
|
|
07-31-2006, 07:43 AM
|
#3
|
Member
Registered: Mar 2006
Distribution: FC4
Posts: 184
Original Poster
Rep:
|
Yes... What you said is absolutely correct, and I knew about that too. I've been using GnuPG for that. But my boss came up to me and suggested that it would be easier for the users in my LAN to just have my public key so that when I encrypt a document (such as a doc with passwds) with my public key, the users are able to decrypt the document with my public key, which I would be giving to them.
Is it possible?
Danish
|
|
|
07-31-2006, 07:57 AM
|
#4
|
Senior Member
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900
Rep:
|
By the way, to lessen the confusion:
Your public key is known to everyone. At least theoretically. Practically, you should assume it is known to all enemies and to the friends to whom you have given it. So if you do something with your public key, it can be done by everyone. If something is intended to be decrypted with your public key, it can simply be rot13 with nearly the same effect. If you do something with your secret key, it can be proof that only you could do it. So your secret key can be intended to sign something or decrypt a message to you. Or maybe it can be a shared secret key between two parties to communicate. Your public key can be used to encrypt a message to you or verify your signature - in both cases it can be done by anyone.
Maybe you want to have a shared private key, which you will personally hand to every recipient. After that any of you will be able to encrypt with the common public key, and only people sharing the decryption key will be able to read the message - but it will not be a public key. For details read man gpg.
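Added example, not part of the original thread: the multi-recipient encryption described in replies #2 and #4, run with GnuPG against throwaway keyrings. The identities (alice@example.test, bob@example.test), the sample document and the function names are constructed for illustration, and the script assumes GnuPG 2.2 or later.

```shell
#!/bin/sh
# Constructed demo: keys have no passphrase and live in a throwaway directory.
DEMO=$(mktemp -d)
SECRET='db-admin: constructed-sample-password'
trap cleanup EXIT

# Run gpg against one party's own keyring: g <party> <gpg args...>
g() {
    party=$1; shift
    gpg --homedir "$DEMO/$party" --batch --quiet --yes "$@"
}

cleanup() {
    for p in alice bob sender; do
        gpgconf --homedir "$DEMO/$p" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$DEMO"
}

setup_demo() {
    for p in alice bob sender; do
        mkdir -m 700 "$DEMO/$p" || return 1
    done
    # Each recipient generates a key pair; only the PUBLIC half is exported
    # and handed to the sender. The sender never holds a private key here.
    for p in alice bob; do
        g "$p" --pinentry-mode loopback --passphrase '' \
            --quick-generate-key "$p@example.test" default default never || return 1
        g "$p" --armor --export "$p@example.test" > "$DEMO/$p.pub" || return 1
        g sender --import "$DEMO/$p.pub" || return 1
    done
    # One ciphertext, two recipients. --trust-model always skips fingerprint
    # verification, acceptable only because these keys are constructed.
    printf '%s\n' "$SECRET" > "$DEMO/doc.txt"
    g sender --trust-model always --encrypt -r alice@example.test \
        -r bob@example.test -o "$DEMO/doc.gpg" "$DEMO/doc.txt"
}

# Prints the plaintext if <party> holds a matching private key, else fails.
decrypt_as() {
    g "$1" --decrypt "$DEMO/doc.gpg" 2>/dev/null
}

if [ "${1:-}" = "--demo" ]; then
    setup_demo || exit 1
    for p in alice bob sender; do
        if decrypt_as "$p" >/dev/null; then echo "$p: decrypted"
        else echo "$p: cannot decrypt (holds public keys only)"; fi
    done
fi
```

Run with `--demo`: alice and bob each recover the document with their own private key, while the sender, who holds nothing but public keys, cannot decrypt the file it just produced.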
|
|
|
07-31-2006, 07:58 AM
|
#5
|
LQ Guru
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678
Rep: 
|
Don't you mean that you want to encrypt with your private key and they will decrypt with the public key? Otherwise it sounds like you are describing symmetric encryption.
|
|
|
07-31-2006, 08:36 AM
|
#6
|
Senior Member
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900
Rep:
|
Nearly symmetric. The private key is shared among trusted parties and is used for decryption; the public key is really public and is used for encryption. It doesn't complicate things too much (relative to symmetric encryption), but it will not need readjusting when someone wants to get encrypted messages from untrusted parties that can be read only by members of the trusted intranet (holding keys).
|
|
|
07-31-2006, 08:46 AM
|
#7
|
Member
Registered: Mar 2006
Distribution: FC4
Posts: 184
Original Poster
Rep:
|
Yes, Raskin, what you say does make sense. Does GNU Privacy Assistant under GPL provide the nearly symmetric encryption that you are talking about?
Raskin, could you please give me advice as to how to go about it?
But, just to satisfy my boss's thirst :-(, can the encryption take place according to what I had said earlier, because I had clarified it with him and he wants it that way?
Sometimes, I just don't understand my boss.
Danish
|
|
|
07-31-2006, 09:38 AM
|
#8
|
Senior Member
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900
Rep:
|
I guess the steps are as follows:
1. Read man gpg.
2. Create keyrings for every user.
3. 'gpg --edit-key' for one user.
4. Generate a new key - either symmetric or asymmetric (note: I hope you will implement everything. Consider not telling your boss you use an asymmetric-capable scheme. If you do not distribute the public key (and guard it instead), the difference is very little).
5. Export the new key.
6. Import the key for every user.
7. Write scripts to encode/decode using this generated key, or configure the clients they will use.
8. Force users to change the passwords for their keyrings.
|
|
|
08-01-2006, 02:48 AM
|
#9
|
Member
Registered: Mar 2006
Distribution: FC4
Posts: 184
Original Poster
Rep:
|
Quote:
Originally Posted by raskin
I guess the steps are as follows:
1. Read man gpg.
2. Create keyrings for every user.
3. 'gpg --edit-key' for one user.
4. Generate a new key - either symmetric or asymmetric (note: I hope you will implement everything. Consider not telling your boss you use an asymmetric-capable scheme. If you do not distribute the public key (and guard it instead), the difference is very little).
5. Export the new key.
6. Import the key for every user.
7. Write scripts to encode/decode using this generated key, or configure the clients they will use.
8. Force users to change the passwords for their keyrings.
|
Thanks a lot. I will get back to you if required ASAP.
Danish
|
|
|
All times are GMT -5.