Hi, I am using Crypto++ to perform RSA signature validation where one of our partner integrators (that integrate directly against our source API) holds the private key, and we hold a list of public keys (all integrator keys). The idea is we generate a challenge message, and they sign the message using the private key. If we can verify the message with the public key, then that integrator gets access to the appropriate parts of the system. The reason for this is our partners already have their own licensing scheme, so it is a burden for them to also integrate our flex licensing scheme on top of theirs.
That said, I have a version working where I can generate keys using a FileSink (similar to examples at: http://www.cryptopp.com/wiki/RSA). In my Unit Tests I treat the keys as strings, and am able to verify the correct test integrators (i.e. I use a StringSource to read keys). It seems to me that the keys are written in an ASCII string format.
I want to create a header file for our integrators containing the key that they can compile into their binary. If I use a string literal then the key is visible to the world if their executable is loaded in a binary editor. Is there a better way I can store the key for security? I have tried using ArraySink and ArraySource, writing the values using a char key[] = {...} where each element is an element from the ArraySink, but I could not get that to work with my unit tests (I think the exception was a BER Encode error on signing).
Does anyone have any suggestions?
Thanks for your time and sorry about the long post!
Christian
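Added example, not part of the original post and not Crypto++ code: a stand-alone sanity check for a key embedded as a byte array, useful when narrowing down a BER decode error. It assumes the array is meant to hold the raw DER encoding of the key; `check_der_sequence` and `kSample` are hypothetical names, and the sample bytes are constructed, not a real key.

```cpp
#include <cstddef>
#include <cstring>

enum class DerCheck { Ok, TooShort, NotSequence, BadLength, SizeMismatch };

// Check that buf[0..len) is exactly one DER SEQUENCE: tag 0x30, a definite
// length, and content that ends precisely at len. Hypothetical helper.
DerCheck check_der_sequence(const unsigned char* buf, std::size_t len) {
    if (len < 2) return DerCheck::TooShort;
    // A hex or Base64 text copy of the key fails here: it starts with an
    // ASCII character, not the SEQUENCE tag.
    if (buf[0] != 0x30) return DerCheck::NotSequence;
    std::size_t content = 0, header = 2;
    if (buf[1] < 0x80) {
        content = buf[1];                        // short-form length
    } else {
        const std::size_t n = buf[1] & 0x7F;     // long form: n length octets
        if (n == 0 || n > sizeof(std::size_t) || len < 2 + n)
            return DerCheck::BadLength;          // indefinite or truncated
        if (buf[2] == 0) return DerCheck::BadLength;   // non-minimal length
        for (std::size_t i = 0; i < n; ++i)
            content = (content << 8) | buf[2 + i];
        if (content < 0x80) return DerCheck::BadLength; // DER needs short form
        header = 2 + n;
    }
    return content == len - header ? DerCheck::Ok : DerCheck::SizeMismatch;
}

// Constructed sample, not a real key: SEQUENCE { INTEGER 0, INTEGER 17 }.
// Like real DER key material, it contains a 0x00 byte.
static const unsigned char kSample[] = {0x30, 0x06, 0x02, 0x01,
                                        0x00, 0x02, 0x01, 0x11};

int main() {
    // sizeof carries the true length (8); a C-string length stops at the
    // embedded 0x00 and reports 4, so the blob no longer parses.
    const std::size_t viaStrlen =
        std::strlen(reinterpret_cast<const char*>(kSample));
    const bool ok =
        check_der_sequence(kSample, sizeof kSample) == DerCheck::Ok &&
        check_der_sequence(kSample, viaStrlen) == DerCheck::SizeMismatch;
    return ok ? 0 : 1;
}
```

The length that passes this check is the one to hand to ArraySource together with the array pointer.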
