On Dec 7, 2007 10:21 PM, Colin Burnett <<a href="mailto:cmlburnett@gmail.com">cmlburnett@gmail.com</a>> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Dec 7, 2007 10:05 PM, Jeffrey Ollie <<a href="mailto:jeff@ocjtech.us">jeff@ocjtech.us</a>> wrote:<br>><br>> Well, if the webserver has a copy of all of the private keys there<br>> wasn't much point to the exercise other than wasting CPU cycles.
<br><br></div>The server has a copy of all keys but no copy of the passphrases, thus<br>you have secrecy. The key relationship enforces that A can only talk<br>to B and B can only talk to A. Unless I'm misunderstanding Matthew,
<br>this accomplishes what he wants. Specifically:<br><div class="Ih2E3d"><br>"Ideally, the passphrase that encrypts something is unable to decrypt<br></div><div class="Ih2E3d">it. The goal is to create a web application that can store a secret
<br>message. Someone types a message, the server encrypts it and one of<br>two people can decrypt it."<br><br></div>I guess I don't fully understand his (read: his friend's) overall<br>intentions. A tricky point when it comes to encryption.
<font color="#888888"><br></font></blockquote></div><br>The server sends out reports when people make donations. The information is considered very private. It's sent after a transaction so that the data doesn't need to be stored on the server. Right now most of the people successfully get the reports via gpg. I guess it's becoming a problem with people who are upgrading their computers. They can't re-install WinPT and GnuPG. The thought is that it'd be nice to store the data on the server in a way that can't be decrypted. Then a person could come to a web page with a simple UI and enter some password to decrypt the data.
<br><br>The point about the insecurity of sending the password to the server to decrypt the data being a bad idea is well taken. Unless there's a decryption routine written entirely in JavaScript then there may not be any solution to that. :-(
<br><br>-- <br>Matthew Nuzum<br>newz2000 on freenode
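<br><br>
The arrangement discussed in this thread (the server stores the keys but never the passphrase, and whatever encrypts a report cannot decrypt it), as an added example that is not part of the original messages. It uses Node's built-in crypto module; the function names and the sample report text are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// Created once per recipient. The private key exists only in
// passphrase-encrypted PEM form, so storing it does not let the
// server decrypt anything.
function makeRecipient(passphrase) {
  return nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: {
      type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase,
    },
  });
}

// Server side: needs only the public key. A fresh AES-256-GCM key
// encrypts the report, and RSA-OAEP wraps that key for the recipient.
function sealReport(publicKeyPem, plaintext) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt(
    { key: publicKeyPem, oaepHash: 'sha256' }, key);
  return { wrappedKey, iv, tag: cipher.getAuthTag(), body };
}

// Recipient side: needs the encrypted private key AND the passphrase.
// Throws on a wrong passphrase or on tampered ciphertext (GCM tag check).
function openReport(encryptedPrivateKeyPem, passphrase, sealed) {
  const key = nodeCrypto.privateDecrypt(
    { key: encryptedPrivateKeyPem, passphrase, oaepHash: 'sha256' },
    sealed.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, sealed.iv);
  decipher.setAuthTag(sealed.tag);
  return Buffer.concat([decipher.update(sealed.body), decipher.final()])
    .toString('utf8');
}
```

The secrecy holds only while `openReport` runs somewhere the server cannot observe the passphrase; calling it on the server with a passphrase submitted from a web form is the exposure raised in the message above.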