Hello Sietze,

I know the concepts of public key encryption and decryption.

Imagine the following scenario:

You have a pair of keys (private key and public key). With your public key you encrypt documents and you store them in your database. Now your public key gets invalid, so you cannot encrypt anymore with this key (or can you even if it gets invalid because of the date? I have to try this.). Now you have to throw away this old public key and get another one (and another private key because you need a pair). With the new private key you cannot decrypt the data you have stored in the database because it is encrypted with the old public key.

Even if your public key becomes invalid (how?) or lost, your private key is still functioning. You never throw away a private key! This only becomes a problem if your private key gets lost. This is usually solved by storing the private key in a secure place so it can be recovered. Most PKI's can do this. Look for something like key history....

After a compromise, you will have to re-encrypt anything. You will have to write a function that does this.

Hello Sietze,

I have another question concerning the secude library and CRL checking (our customer does not want smart cards but wants to have CRL checking).

If we decide to use the secude library, what consequences do we have to consider (license costs; switching from cryptolib to secude library)?

What other functionality is covered by the secude library?

Regards

Georg

For the license costs you have to contact Secude Sales in your country (for Germany, this will be Darmstadt). You'll have to look for contact details on the website. I am in Consulting and cannot tell you anything about license costs.

The SAP Cryptolib is a slimmed down version of the SECUDE libarary, so this is more or less a drop in replacement (in this direction only, of course).

SNC would be the major other functionality to consider.