Hello, I have been using PGP. I need to safely store our PGP keyring for our application that will be processing some PGP files. Can I believe that PGP is asymmetric cryptography and I should be able to store the information for the keyring in a key container?

+1  A: 

PGP is a hybrid cryptographic system, i.e. it uses a mix of public/private asymmetric and standard symmetric encryption/decryption. It generates a unique session ID which it uses to encrypt the data; it then encrypts the session ID with your public key. It then adds the asymmetric encrypted session ID to the symmetric encrypted data to produce the final ciphertext.
For decryption, the private key is used to decrypt the session ID and then standard symmetric decryption to retrieve the plain text.

PGP stores two sets of keyrings - public keyrings and private keyrings.
So if you shipped the private keyring with your app then anyone could use the private key to decrypt the PGP files.

Public/private key security is not a magic bullet; it still relies on the user keeping their private key or keyrings safe.

Here's a good link on how PGP works in more depth

zebrabox
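A pre-release check in the spirit of the answer above, added here as an example and not part of the original post: it walks the OpenPGP packet headers (RFC 4880 layout) of a binary keyring and reports any secret-key packets, so a build can fail if a private keyring is about to ship with the app. The function names and the sample byte strings are constructed for illustration; ASCII-armored input is rejected rather than decoded.

```python
# Packet tags that carry private key material (RFC 4880, section 4.3).
SECRET_TAGS = {5: "Secret-Key", 7: "Secret-Subkey"}

def iter_packets(data):
    """Yield (tag, body_length) for each OpenPGP packet in binary data."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        if not first & 0x80:  # bit 7 is always set in a packet header
            raise ValueError(f"offset {pos}: not a binary OpenPGP packet")
        pos += 1
        if first & 0x40:  # new-format header: tag in bits 5-0
            tag = first & 0x3F
            o1 = data[pos]
            pos += 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + data[pos] + 192
                pos += 1
            elif o1 == 255:
                length = int.from_bytes(data[pos:pos + 4], "big")
                pos += 4
            else:  # 224-254: partial body length, only legal for data packets
                raise ValueError("partial body length not expected in a keyring")
        else:  # old-format header: tag in bits 5-2, length type in bits 1-0
            tag = (first >> 2) & 0x0F
            ltype = first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not expected in a keyring")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, length
        pos += length  # skip the body; only the headers are inspected

def secret_packets(data):
    """Return the names of all secret-key packets found in a keyring."""
    return [SECRET_TAGS[t] for t, _ in iter_packets(data) if t in SECRET_TAGS]

# Constructed samples: headers are real, bodies are dummy bytes (no key material).
PUBLIC_RING = bytes([0x98, 3]) + b"\x04\x00\x00" + bytes([0xB4, 4]) + b"test"
PRIVATE_RING = (bytes([0x94, 3]) + b"\x04\x00\x00" + bytes([0xB4, 4]) + b"test"
                + bytes([0xC7, 2]) + b"\x04\x00")

if __name__ == "__main__":
    for name, ring in (("public", PUBLIC_RING), ("private", PRIVATE_RING)):
        print(name, secret_packets(ring) or "no secret-key packets")
```
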
A: 

You should check and see if there is an OS-level keystore to use for that sort of thing. Rolling your own solution is error-prone. Besides, why re-invent the wheel if you don't have to?

Peter Loron