How to generate a PGP key whose public key has only authorisation of writing to any file?

Question

I would like to track log files.

User must only write to log file by using public key and file must be encrypted or user must write to the file which is encrypted by public key before. (User can not edit or read file.)

And, I need to read that log file by using my private key. Or do you have any suggestions to solve that issue?

Answer 1

An answer has came from Adrian Ho who is Quora User.

This is a textbook encryption situation that requires two components:

• a symmetric stream cipher like ChaCha20 (for text-based logs; if you're writing binary logs in fixed-size blocks, a symmetric block cipher like AES could work too)
  
• an asymmetric cipher like RSA

Both ciphers should be available in a crypto library for pretty much every production-quality language. I've personally dabbled with both libcrypt (the core library of GnuPG) and NaCl (an alternate crypto library that emphasizes ease-of-use and speed), but go ahead and use whatever you have on hand.

The prep work:

Create an RSA key pair.
Embed the public key in the logger program.
Keep the private key private.

The logger's basic logic:

1. Every time it creates a new log file, it first does the following:

   • Generate a new ChaCha20 key at random.
   • Encrypt the ChaCha20 key with your RSA public key.
   • Write the encrypted ChaCha20 key at the start of the file.

2. Every time it writes a new log entry, it first encrypts the entry with ChaCha20.
   

On the receiving end, your custom log reader does this on each log file:

1. Read the encrypted ChaCha20 key from the start of the file.
2. Decrypt the key with your RSA private key.
3. Decrypt the rest of the file with the decrypted ChaCha20 key.

Job done.