Ben Spink wrote:
>A client is wanting to use SSL certificates to encrypt files on disk. When
>needed, use the cert to decrypt the file.
>
>Is this possible? To me it doesn't make sense. I can do this using other
>methods like DES or PGP via java, but I can't think of any way of using the
>cert in this process or using SSL.
>
>I thought of wrapping a sslsocket and catching the encrypted data before it
>was decrypted, but this seems like it wouldn't work as I wouldn't expect
>the data to be decryptable.
Using an SSL cert to encrypt makes sense: it's just a cert with a public key.
So as long as you can get the public key out of the cert and choose the
right algorithm, you can encrypt with it.
None of the rest of it makes sense, though.
To decrypt public-key-enciphered data, you will need the corresponding
private key, and that won't be in the cert. If it's anywhere safe, it will
be in a keystore, but then you need access to that keystore and whatever
access-control it's stored under.
Somehow redirecting SSL to a file makes no sense because SSL is a protocol,
not just an encryption algorithm. That is, you need an active agent on
each end to produce responses for the steps of the protocol. Ciphering and
deciphering is only one part of SSL.
SSL is fundamentally a key-exchange protocol. If that doesn't make sense,
read the first 2 major sections of Schneier's "Applied Cryptography", or go
straight to the chapter on SSL.
-- GG
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Java-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/java-dev/email@hidden
This email sent to email@hidden
