Getting a private key to a client

J

jjjamie

Freshman
Joined
Aug 30, 2002
Messages
34
Location
England
Hi,

There is probably a really obvious answer to this question but I can't see it.

I am encrypting a file using a private key at the server and then sending the file to a client where it is decrypted using the same key. The problem is that there are security risks if I use the same key for every file I encrypt. I can easly generate a random key for each file, but how does the client know what the key is? The obvious answer would be to send the key to the client but it could be intercepted and used to decipher the file.

Any ideas?

Thanks in advance :)

Jamie
 
re:

you can't send the key and the encrypted message at the same time or anyone could intercept and decrypt it no matter how many keys you use.

if this is an ASP.NET app then you can redirect the user to a page that checks the IP or cookie data to validate that this user recieved a certain encrypted file then redirect them again to the proper key.

short of that, you would need some sort of validation routine between sending the encrypted file and the key.
 
Back
Top