<div dir="ltr">Hi Martin,<div><br></div><div>Just to add a little to</div><div><br></div><div>step 1)</div><div>There is also the option of encrypting one file but using multiple recipients for that single encryption step, instead of looping and encrypting it differently for each recipient's public key.</div><div>So Marcus could obtain a list of all the recipients' keys, encrypt the single file he wants to send around, and get a single encrypted output file which is sent to all the recipients.</div><div>Each recipient can decrypt the output file using his own private key.</div><div>This can prove convenient, especially when you have multiple recipients for the same file.</div><div>I use bash/gpg for this on a daily basis to send sensitive files to multiple recipients, but the idea can still be used in your scenario above.</div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Apr 14, 2015 at 9:28 PM, Martin Karlsson <span dir="ltr">&lt;<a href="mailto:martink@securemedia.co.nz" target="_blank">martink@securemedia.co.nz</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Marcus,<br>
<br>
It is getting better:)<br>
<br>
My only problem with this is that you are still using private_encrypt<br>
(and hence public decrypt).<br>
<br>
How are you going to distribute the RSA public key? Normally the<br>
public key is meant to be public but if something is encrypted using<br>
the RSA private key *any* party holding the RSA public key can decrypt<br>
the cipher.<br>
<br>
This means that you need to securely deliver the RSA public key. And<br>
if you had a way to securely distribute a key you wouldn't need RSA<br>
crypto in the first place:) (you would of course then securely<br>
distribute the shared secret)<br>
<br>
Public Key Crypto is mainly there to be able to share a secret key and<br>
this can be done in one of two ways:<br>
<br>
1) Your friends send their public RSA key to you. You do encryption as<br>
above but replace step 3 with a public encrypt using your friends RSA<br>
key. Then they will decrypt the shared secret using their private key.<br>
<br>
In this case it doesn't matter who gets the public key because it is<br>
only the one holding the private key that can decrypt.<br>
<br>
2) You send your friends your public RSA key. They generate a shared<br>
secret which they encrypt using your public key and then send to you.<br>
You decrypt the shared secret with your private key and then use that<br>
shared secret to encrypt the file and send to your friend.<br>
<br>
Hopefully I've got this right.<br>
<br>
Cheers,<br>
Martin<br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
</div></div></blockquote></div><br></div>
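<div>Added example, not code from either message in this thread: the file is encrypted once under a random AES-256-GCM key, and that key is wrapped separately under each recipient's RSA public key (option 1 in the quoted mail, extended to several recipients as the reply suggests). The module name, function names, recipient names and sample plaintext are assumptions made for illustration.</div>

```erlang
-module(multi_recipient).
-export([demo/0, seal/2, open/3]).
-include_lib("public_key/include/public_key.hrl").

-define(OAEP, [{rsa_padding, rsa_pkcs1_oaep_padding}]).

%% Encrypt Plain once with a fresh session key, then wrap that key under
%% every recipient's RSA *public* key. Only the matching private key can
%% unwrap it, so the public keys need no confidential delivery.
%% Recipients :: [{Name, #'RSAPublicKey'{}}]
seal(Plain, Recipients) ->
    Key = crypto:strong_rand_bytes(32),
    IV = crypto:strong_rand_bytes(12),
    {Cipher, Tag} =
        crypto:crypto_one_time_aead(aes_256_gcm, Key, IV, Plain, <<>>, true),
    Wrapped = [{Name, public_key:encrypt_public(Key, Pub, ?OAEP)}
               || {Name, Pub} <- Recipients],
    #{iv => IV, cipher => Cipher, tag => Tag, wrapped => Wrapped}.

%% A recipient unwraps their own copy of the session key with their
%% private key, then decrypts and authenticates the single ciphertext.
open(Name, Priv, #{iv := IV, cipher := Cipher, tag := Tag, wrapped := Wrapped}) ->
    case lists:keyfind(Name, 1, Wrapped) of
        false ->
            {error, not_a_recipient};
        {Name, WrappedKey} ->
            Key = public_key:decrypt_private(WrappedKey, Priv, ?OAEP),
            case crypto:crypto_one_time_aead(aes_256_gcm, Key, IV, Cipher,
                                             <<>>, Tag, false) of
                error -> {error, bad_tag};
                Plain -> {ok, Plain}
            end
    end.

%% Derive the public half from a generated private key record.
pub(#'RSAPrivateKey'{modulus = N, publicExponent = E}) ->
    #'RSAPublicKey'{modulus = N, publicExponent = E}.

%% Constructed sample data: three throwaway key pairs, two of them recipients.
demo() ->
    [Alice, Bob, Eve] = [public_key:generate_key({rsa, 2048, 65537}) || _ <- [1, 2, 3]],
    File = <<"constructed sample file contents">>,
    Msg = seal(File, [{alice, pub(Alice)}, {bob, pub(Bob)}]),
    {ok, File} = open(alice, Alice, Msg),
    {ok, File} = open(bob, Bob, Msg),
    {error, not_a_recipient} = open(eve, Eve, Msg),
    ok.
```

<div>This gives confidentiality toward the listed recipients only; it does not tell them who produced the file, which would need a separate signature made with the sender's private key.</div>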