Re: I need a encryption utility that will...

From: Juha Laiho (Juha.Laiho@iki.fi)
Date: 02/11/03 

From: Juha Laiho <Juha.Laiho@iki.fi>
Date: Tue, 11 Feb 2003 17:47:00 GMT

"Scott W" <CantGiveMyAddressBecauseIm@work.com> said:
>Let me describe what I am seeking... if anyone here knows of such a thing,
>please let me know. I realize I could write this app myself, but would
>rather not if there something out there that already suits the purpose.
...
>Here is what makes my requirements unique:
>I want to be able to specify the password in advance, embedded in the
>utility, so when they specify one or more files for inclusion, they just
>click "Generate" and it creates a file for them to send to me. They don't
>have to know or care about the password. I need to be able to periodically
>change the embedded password, which would then necessitate me resending the
>utility out, or maybe just a small file with a key - not sure how this would
>work.

Everything seems to fit the definition of "public-key encryption".
Just a fancy shell on top of any public-key crypto system, such as
PGP.

Without considering the user-interface issues you presented:
- the sender will need to have your "public key"
  - with that the sender can encrypt information so that only the
    holder of the matching private key (i.e. you) can open the content
- you will periodically provide new copies of your public key
- you keep copies of all the previous private keys, so you can still
  decrypt all content signed by "obsoleted" public keys, too
- it's also possible for the senders to create their own private keys,
  providing you with a stronger way of authenticating the senders

>Since the people I distribute this to could not use it for any other
>purpose than to send files to me, [...]

Here is where a "commodity" public key system doesn't match your
specification. And still I think it might be cheaper for you to
use such a commodity system than to have your private implementation
custom-built for you. 

-- 
Wolf  a.k.a.  Juha Laiho     Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
         PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)

Relevant Pages

  • Re: I need a encryption utility that will...
    ... >>utility, so when they specify one or more files for inclusion, they just ... > - it's also possible for the senders to create their own private keys, ... > Here is where a "commodity" public key system doesn't match your ...
    (comp.security.misc)
  • Cooperating networked CSPRNGs
    ... It occurred to me that several cooperating networked CSPRNGs could derive entropy from messages received from each other. ... Each of them then at suitable intervals executes the following protocol as Sender with another participant as Responder. ... Sender receives the Responder's public key. ...
    (sci.crypt)
  • Re: [SLE] pgp howto
    ... >> I'm assuming pgadmin3-1.4.1.tar.gz.sig is the signed public key. ... >> the concept of Digital Signatures was invented. ... >> message is digitally signed by the sender. ... >> want to be doing is climbing the learning curve of pgadmin3. ...
    (SuSE)
  • M^k mod ns, M^k mod nr, if nr!=ns, can we receive the same plaintext?
    ... receiver R, each owns a RSA public key and private key. ... the sender is denoted by while the private key is denoted by ...
    (sci.crypt)
  • Re: Is symmetric key distribution equivalent to symmetric key generation?
    ... > it to Bob encrypted under Bob's public key (the very simplest way ... The sender knows only the intended recipient can obtain the ... session key, but the receiver does not know who sent it. ...
    (sci.crypt)