Greetings all,
I am trying to determine the best method to store a single pair of libgcrypt-generated public keys (currently using RSA, but it shouldn't matter anyway) for long-term use. We want to keep the secret key completely separated (on floppy, or secure file, or some other very-restricted location) and the public key available to our webserver (in any format, as long as it can be written once, then read/recreated at will). I want the user to only need the filenames for the *pKey and *encryptedFile, with my library functions doing all the libgcrypt functions transparently. It would be nice if there were an export-key function for either public keys (useful) or secret keys (useful for me, but scary in general).
From the advice given on this list previously, it sounds like the suggested method would be to save the n,e values in publicKey in an array (as MPI?) and store that as a file. Same with (n,e,d,p,q) values for secretKey. Then pass filename to function, recreate the sexp on the fly and perform the encryption/decryption... Is this the most correct method? Is it possible/better to save the publicKey in another format that is more straightforward? (like gpg's ASCII-armored -- can libgcrypt de-armor & make an sexp from that format?)
I realize there are more questions in this post than is practical, but if I can get any assistance on these matters, I would be very grateful.
Thank you in advance for any assistance.
--
Tony Warren
garbaj@prairiesys.com
<}-:
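An added example, not part of the original post and not libgcrypt code: the "save n and e, recreate the sexp" idea expressed as the canonical S-expression byte layout, which is the form libgcrypt's `gcry_sexp_sprint` emits with `GCRYSEXP_FMT_CANON` and `gcry_sexp_new` parses. The helper names `pk_encode` and `pk_decode` are hypothetical, and the decoder is deliberately strict so that a truncated or edited key file is rejected rather than half-parsed.

```c
#include <stdio.h>
#include <string.h>

#define PK_HEAD "(10:public-key(3:rsa(1:n"  /* hypothetical names, not libgcrypt API */
#define PK_MID  ")(1:e"                     /* closes n, opens e */

/* Write one canonical atom "<len>:<bytes>"; returns the bytes written. */
static size_t put_atom(unsigned char *out, const unsigned char *data, size_t len) {
    int hdr = sprintf((char *)out, "%zu:", len);
    memcpy(out + hdr, data, len);
    return (size_t)hdr + len;
}

/* Encode big-endian MPI bytes n and e; out must hold nlen + elen + 80 bytes. */
size_t pk_encode(unsigned char *out, const unsigned char *n, size_t nlen,
                 const unsigned char *e, size_t elen) {
    size_t o = (size_t)sprintf((char *)out, "%s", PK_HEAD);
    o += put_atom(out + o, n, nlen);
    o += (size_t)sprintf((char *)out + o, "%s", PK_MID);
    o += put_atom(out + o, e, elen);
    memcpy(out + o, ")))", 3);
    return o + 3;
}

/* Match lit at *p, parse "<len>:", return the value bytes; NULL if malformed or truncated. */
static const unsigned char *get_value(const unsigned char **p, const unsigned char *end,
                                      const char *lit, size_t *len) {
    size_t l = strlen(lit), v = 0;
    if ((size_t)(end - *p) < l || memcmp(*p, lit, l) != 0) return NULL;
    *p += l;
    if (*p == end || **p < '1' || **p > '9') return NULL;   /* empty or zero-padded length */
    for (; *p < end && **p >= '0' && **p <= '9'; (*p)++) {
        v = v * 10 + (size_t)(**p - '0');
        if (v > 8192) return NULL;                           /* assumed cap on MPI size */
    }
    if (*p == end || **p != ':') return NULL;
    (*p)++;
    if ((size_t)(end - *p) < v) return NULL;
    *len = v; *p += v;
    return *p - v;
}

/* Decode into pointers that alias buf; 0 on success, -1 on malformed input. */
int pk_decode(const unsigned char *buf, size_t len, const unsigned char **n, size_t *nlen,
              const unsigned char **e, size_t *elen) {
    const unsigned char *p = buf, *end = buf + len;
    if (!(*n = get_value(&p, end, PK_HEAD, nlen))) return -1;
    if (!(*e = get_value(&p, end, PK_MID, elen))) return -1;
    return ((size_t)(end - p) == 3 && memcmp(p, ")))", 3) == 0) ? 0 : -1;
}
```

The buffer returned by `pk_encode` is what would be written to the public-key file; the same layout extended with d, p and q would hold the secret key, which belongs only on the restricted medium.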