Dan Ribe wrote:
| I am using the private key just to authenticate the client. Once server
| has authenticated the client (by using the public key of client), it
| will give access to that client. So I will say that in this case users
| of my client application need not to have access to the private key
| (because this authentication process is kind of transparent to them).
|
| If I will place the private key in some file (in the app bundle), then
| there are chances of its misuse. I mean someone can write a client, can
| authenticate it using the key & can get access to the server
| functionality, which is not desirable!

But you are aware that a dedicated attacker is still able to disassemble the program and get the key from there? If you can live with this risk, you can store the key as binary and read it with the d2i_[Auto]PrivateKey() functions...

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many
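
To make the caveat in the reply above concrete, here is an added example (not code from this thread or from OpenSSL): a release-time check that flags byte sequences shaped like a DER-encoded RSA private key, the binary form the d2i_ functions parse, inside a build artifact. The function name, the heuristic and both sample buffers are constructed for illustration and contain no real key material.

```c
#include <stddef.h>
#include <stdio.h>

/* Return the offset of the first byte run in buf that has the DER shape of
 * an RSA private key, or -1 if there is none.
 *   PKCS#1: SEQUENCE { INTEGER 0, INTEGER modulus, ... }
 *   PKCS#8: SEQUENCE { INTEGER 0, SEQUENCE AlgorithmIdentifier, ... }
 * Heuristic (an assumption of this example): only the two-byte long-form
 * length 0x82 is checked, which is what typical RSA key sizes produce. */
long find_der_private_key(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i + 8 <= len; i++) {
        if (buf[i] != 0x30 || buf[i + 1] != 0x82)
            continue;                       /* not SEQUENCE + 2-byte length */
        size_t body = ((size_t)buf[i + 2] << 8) | buf[i + 3];
        if (body < 4 || body > len - i - 4)
            continue;                       /* declared length must fit     */
        if (buf[i + 4] != 0x02 || buf[i + 5] != 0x01 || buf[i + 6] != 0x00)
            continue;                       /* version INTEGER must be 0    */
        if (buf[i + 7] == 0x02 || buf[i + 7] == 0x30)
            return (long)i;                 /* PKCS#1 or PKCS#8 layout      */
    }
    return -1;
}

/* Constructed sample: filler, a decoy header whose length does not fit,
 * then a minimal key-shaped structure starting at offset 8. */
const unsigned char sample_with_key[] = {
    0x7f, 'E', 'L', 'F', 0x30, 0x82, 0xff, 0xff,
    0x30, 0x82, 0x00, 0x08, 0x02, 0x01, 0x00,
    0x02, 0x03, 0xaa, 0xbb, 0xcc
};

/* Constructed sample: same shape but version 1, so it must not match. */
const unsigned char sample_clean[] = {
    0x7f, 'E', 'L', 'F', 0x30, 0x82, 0x00, 0x04,
    0x02, 0x01, 0x01, 0x02
};

int main(void)
{
    printf("with key: %ld\n",
           find_der_private_key(sample_with_key, sizeof sample_with_key));
    printf("clean:    %ld\n",
           find_der_private_key(sample_clean, sizeof sample_clean));
    return 0;
}
```

A hit means the key sits in the artifact in a form recognisable from its encoding alone, which is the risk the reply asks the poster to accept.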