My customer encrypted their file using their private key and then gave me their public key for me to decrypt it. I wanted to use the OpenPGP package and so far I am trying out this flow containg these:
gpg: WARNING: unsafe permissions on homedir `/opt/SoftwareAG/webMethods712/gnupg’
gpg: WARNING: using insecure memory!
gpg: please see [url]http://www.gnupg.org/faq.html[/url] for more information
gpg: encrypted with 2048-bit ELG-E key, ID 0F681253, created 2009-09-21
“B2B-Test@testemail.com (Dev/Test/QA) B2BHelpdesk@testemail.com”
output:
A string containing some random number and texts
I would like to ask where should I place the public keys given to me by my customer so that I can properly decrypt the file?
I am very new to this, so I am not that sure if I’m on the right path in solving this requirement.
I know this is a year-old thread, but I thought I’d provide a belated answer to the query in case someone else needs the info.
The root issue here is that the attempted approach is backwards. Encrypted files cannot be decrypted using a public key.
To exchange encrypted files with someone, here are the steps.
Each party should generate their own private/public key pair. The private key should be closely guarded and protected and never shared with anyone.
The parties provide their public key to each other.
When party A is to send a file to party B, party A uses the B public key to encrypt the file. Then party B can decrypt it using their private key.
For B to A, use the A public key to encrypt.
A common technique to help with file management and troubleshooting is for the sending party to “encrypt to self” as well as for the receiving party. For example, when A sends to B, A uses the B public key as well as its own public key to encrypt. That way A and B can decrypt the file. How this is done depends upon the tool being used (gnupg uses a configuration file).