On Wed, 3 Oct 2007, Md Lazreg wrote:

On 10/3/07, Victor Duchovni <[EMAIL PROTECTED]> wrote:

On Wed, Oct 03, 2007 at 10:42:59AM -0500, Md Lazreg wrote:

Private keys do encrypt using the function:
http://www.openssl.org/docs/crypto/RSA_private_encrypt.html

Of course they do, but when a private key encrypts, it is
called "signing", because the public key is presumed to be (drum
roll...) "public" i.e. not held in confidence exclusively by a single
recipient. So encrypting with a private key yields signatures, not
confidentiality.


Ok I understand. Thanks.

The holder of the private key is me. And it is my application compiled
with my public key that will decrypt whatever I have encrypted with my
private key. My application will behave differently depending on what it
finds in the decrypted information.

Are you signing instructions that the application authenticates, and
should ignore if not signed by the right key, or sending confidential
data for the eyes of the application only?

If you are signing, your model is fine, and embedding the public key in
the binary is exactly the right thing to do. If you are encrypting,
use a symmetric algorithm, the public key algorithm is just confusing
you.



Yes I am signing. And the application will not work unless it is me who
signed the input to it. That is why I do not want someone to change the
public key within the application, because if they do they will be able to
sign the input using their private key and make my application behave the
way they want...

I need a way to hide the public key in the binary...

At this point the best you can get is security by obscurity. You can make it hard for the attacker to find the public key but there is no way to make it very hard or impossible to find where and how the public key is stored. You are not going to find some fancy mathematical way to hide this information because no matter what you do your program will have to include an algorithm for reassembling it and you are going to give your program (with that algorithm included) to the user.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
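
The sign-then-verify model discussed in this thread, as an added example that is not part of the original messages or OpenSSL code: the private-key operation produces a signature, the embedded public key checks it, and anyone holding the public key can recover the signed block, so nothing is kept confidential. The key is constructed from two Mersenne primes for illustration only, and all function names are assumptions.

```python
import hashlib

# Constructed demo key: two Mersenne primes. Trivially factorable, so it is
# for illustration only; real keys come from proper key generation.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key: what the binary embeds
D = pow(E, -1, (P - 1) * (Q - 1))      # private key: stays with the signer
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (PKCS#1 v1.5, RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode(message: bytes) -> int:
    """Build the block 00 01 FF..FF 00 || DigestInfo(SHA-256(message))."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def sign(message: bytes) -> int:
    """'Encrypting with the private key': only the holder of D can do it."""
    return pow(encode(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """'Decrypting with the public key': anyone holding (N, E) can do it."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == encode(message)


def recover_block(signature: int) -> bytes:
    """What any holder of the public key sees inside a signature."""
    return pow(signature, E, N).to_bytes(K, "big")


if __name__ == "__main__":
    instruction = b"mode=trial;expires=2008-01-01"   # constructed sample input
    sig = sign(instruction)
    print("authentic input accepted:", verify(instruction, sig))
    print("altered input accepted:  ", verify(b"mode=full", sig))
    # The recovered block ends with the digest of the instruction in the clear.
    print("digest readable by anyone:",
          recover_block(sig).endswith(hashlib.sha256(instruction).digest()))
```
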