search

TheChiefMeat / pgp

A simple and easy to use client-side PGP system
5 stars 3 forks source link

Assymetric cryptography #7

Open username1565 opened 6 years ago

username1565 commented 6 years ago

Message. This after "sign+encrypt" by encryption public key RSA, and signing this by ECC private key.

Qustion: Can I get an encrypted message without decryption, by only VERIFY the signature, or can I get the signed message without decryption throught option decrypt-only, using only Receiver's Private Key (decryption)?

I see some cases:

  1. Sign, then encrypt <-> decrypt, then verify.
  2. Encrypt, then sign <-> verify, then decrypt.
  3. Someone else...

When I trying to decrypt, using private key RSA only - for message, which encrypted by RSA public key, I see: Error: Can't find a key for "blah-blah-blah": key not found: ["blah-blah-blah"]. "blah-blah-blah" - this is ECC key in keyring. I did console.log('keyring', keyring);

When I trying to verify this message using ECC private key, i see another error: Error: key not found: ["bla-bla-bla"] - and this key is RSA key.

And when I trying to checksig using public key RSA, by which message was been encrypted, I see the same error: Error: key not found: ["bla-bla-bla"] -> so this seems, like ID corresponding for PRIV RSA.

But... In keyring in verify function, when I trying to checksig, using pub RSA, I see this: verify function, key-ring: PgpKeyRing _keys: Object ...............................: Object bla-bla-bla: Object ...............................: Object

and that means, key is there. Maybe keyring box need some fix, or fetch function in kbpgp not working correcly.

If the way for sign+encrypt is (first encrypt by pub, then sign by another priv) correctly, then I think, I can get encrypted message, after checksig, using only pub, corresponding the ANOTHER PRIV. Or if sign+encrypt doing by this way (first sign by priv, then decrypt by pub), then I can get signed message, after simply decryption-only, using Receiver's priv.

TheChiefMeat commented 6 years ago

I'm not entirely sure what you're asking here tbh. Are you asking to verify only, and not decrypt? If so then yes that might be possible with the kbpgp.js. You'd need to built a new verify-only function that forgoes decrypting the message and verifies the message only, although I haven't tested this myself so I can't be sure it would work.

You can see working examples of verification and decryption here, a lot of these examples were directly used when making PGP Suite: https://keybase.io/kbpgp/docs/decrypting