On Sat, Dec 27, 2008 at 07:33:19AM -0600, Michael S. Zick wrote: > They have to "install" your application also. Let the installation > and/or registration process write the button also. > You can't write the button for the client, you don't have the client's > private key (the only thing worth protecting). > > The topic of the thread was where to store the client side security > information; the answer is: in a hardware token.
One answer is in a hardware token, but this is not the only answer. Let's not get too hung up on the details of the private key store. The OP has more important architectural issues to resolve first. Once those are dealt with, perhaps the security model will make it attractive to shield keys from disclosure via storage in hardware tokens, or perhaps the risk of compromise will not warrant the cost of hardware tokens. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org