Hello, FWIW, I ran into this "signature too long" issue when designing an authentication system. I ended falling back on private key encryption, and used an AES-DMAC as a "signature" stand in. It's only 16 bytes, which was long enough do avoid problems in my system.
I didn't really need the features of "public-key authentication" in my application, though, because I was only hashing and validating serial number on a "secure" server, not in client code. If you truly need to do one or both of these operations on a client/customer machine, (and want to avoid embedding a secret key in the app), then you need to go to public-key stuff... -Frank -----Original Message----- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Jens Peter Secher Sent: Thursday, June 12, 2003 2:17 PM To: [EMAIL PROTECTED] Subject: Re: Need advice about encrypting a serial number "Jeff B" <[EMAIL PROTECTED]> writes: > I'm tasked with coming up with a new > serial number scheme, and I was thinking it would be cool to encrypt > the serial number using a public and private key. Since it's a serial > number, it needs to be short, and readable (A-Z, 0-9) (for customer > support). Your serial-number encryption application seems quite close to what I am trying to achieve, see http://www.escribe.com/software/crypto/m2945.html. I am, however, planning to use it for a pet ticket system, so the security demands are not very high. -oOo-
