1

I am very new to cryptography and I need some expert suggestions to deal with my scenario. Also forgive my ignorance.

I need a way to encrypt a file and give it to receiver. The receiver can decrypt the file and read the content but should not be able to change it. Sort of like a license file.

From the knowledge i got reading about encryption for the past 2 days (PGP encryption) is that file can be encrypted using a public key and the receiver can only decrypt using their private key. If the reviver has the private key then I am guessing they could change the content of the file as well?

In my case the receiver should be able to decrypt using public key (only read the content and not change it) and the private key should stay with the sender. Is this scenario possible? Would signing the file with senders private key help?

Thanks in advance.

fireBand
  • 947
  • 7
  • 23
  • 42
  • Have you tried here?:http://stackoverflow.com/questions/5307499/how-to-encrypt-a-file-in-java-using-aes – DLJ Apr 02 '14 at 16:23
  • 2
    "should not be able to change it": the receiver can always change the file, but you can make sure with a signature that some other entity does no longer accept the file if it was changed. – Henry Apr 02 '14 at 16:26
  • @DLJ yes i did look into the post. It seems like receiver and sender have the same knowledge about the keys used for encryption. I am trying to find a solution so that sender has a special key which receiver is not aware of. The file content can only be changed with senders special key. – fireBand Apr 02 '14 at 16:55
  • @Henry so what should I be doing is encrypt the file using a public key and sign it. On the receiver end verify that its been signed by the correct sender and proceed to decrypt if it is. Do correct me if Ive gone offtrack. – fireBand Apr 02 '14 at 16:58
  • Yes. It is more common to first sign and then encrypt though. I don't know your use case, is encryption necessary? – Henry Apr 02 '14 at 18:06
  • @Henry thanks for clarification. My use case is similar to a license file. I have a properties file which defines some restrictions like maximum connections. This file will be exported to the client's site hosting my software. My software has to decrypt it to read its content. I don't want the client to be messing with the properties file so I felt it needs to be encrypted. – fireBand Apr 02 '14 at 18:15
  • 1
    For this application, encryption is not strictly necessary (but does not harm). If the file is signed, any tampering can be detected because the signuture cannot be verified. – Henry Apr 03 '14 at 12:29

2 Answers2

0

Of course, you can use PGP to encrypt and decrypt files. In order to use that - sender and receiver should have their public/private keys issued. The public keys of both parties should be available to each other, so they can use them correspondingly to encrypt files. The private keys will be used to decrypt files. What happens with the content of the file after decryption is up to you. You can use bouncycastle library. However, take care if you sign the encrypted file. As far as I know, bouncycatcke lib has a problem when a file is signed.

rossa
  • 119
  • 5
  • thanks for the heads up. I do have the bouncycastle lib. I have not experimented with signing yet thought. Right now I am just looking to find right approach. – fireBand Apr 02 '14 at 18:18
  • I will recommend you to download the javadoc and source from central maven site and take a look at the examples there. However, pay special attention to signing the file. Good luck! – rossa Apr 03 '14 at 05:42
0

Taking tip from Henry I decided to encrypt and sign the license. I ended up using AES for encryption and RSA signing.

This was because of various constrains in application I am working. I would recommend PGP to any one looking for similar solution.

fireBand
  • 947
  • 7
  • 23
  • 42