Hi Dio,
> keeping secret in Windows is obvious DPAPI
From the DPAPI reference:
An important point to remember is that DPAPI merely
applies cryptographic protection to the data. It does not
store any of the protected data; therefore applications
calling DPAPI must implement their own storage of the
protected data.
DPAPI uses the current user's key [some hand waving here] to encrypt
the data. So if another user runs the program, the encrypted key data
may not be available.
I think it is best to put the master key in the Windows key container,
then retrieve it as required to decrypt the private key embedded in
the executable.
Jeff
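
The point quoted above from the DPAPI reference (DPAPI protects the data but does not store it, and the protection is tied to the current user), shown as an added example that is not part of the original message. It assumes Windows PowerShell 5.1; the sample key bytes, the entropy string and the `ExampleApp` path are constructed placeholders.

```powershell
# Added example: DPAPI round trip where the application supplies the storage.
Add-Type -AssemblyName System.Security

# Constructed sample bytes standing in for the master key (not a real key).
$masterKey = [byte[]](1..32)

# Optional entropy: an application-specific value mixed into the protection
# (hypothetical string).
$entropy = [System.Text.Encoding]::UTF8.GetBytes('example-app-entropy')

# CurrentUser scope ties the blob to the logged-on user's DPAPI key.
$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
$blob  = [System.Security.Cryptography.ProtectedData]::Protect($masterKey, $entropy, $scope)

# DPAPI only returns the protected blob; the caller has to persist it.
$path = Join-Path $env:LOCALAPPDATA 'ExampleApp\masterkey.bin'   # hypothetical path
New-Item -ItemType Directory -Path (Split-Path $path) -Force | Out-Null
[System.IO.File]::WriteAllBytes($path, $blob)

# Later: read the blob back from the application's own storage and unprotect it.
$recovered = $null
try {
    $stored    = [System.IO.File]::ReadAllBytes($path)
    $recovered = [System.Security.Cryptography.ProtectedData]::Unprotect($stored, $entropy, $scope)
    $same = [Convert]::ToBase64String($recovered) -eq [Convert]::ToBase64String($masterKey)
    "Recovered $($recovered.Length) bytes, matches original: $same"
}
catch [System.Security.Cryptography.CryptographicException] {
    # Raised when the blob cannot be unprotected in this context, for example
    # when it was protected under another user's key, the entropy differs,
    # or the stored file is corrupt.
    Write-Warning "DPAPI could not unprotect the blob: $($_.Exception.Message)"
}
finally {
    # Clear the plaintext copy once it is no longer needed.
    if ($recovered) { [Array]::Clear($recovered, 0, $recovered.Length) }
}
```

Running the read-back half as a different Windows account against the same file takes the `catch` branch, which is the "another user runs the program" case described above.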
On 2/25/09, Dio <[email protected]> wrote:
>
> Hi Jeffrey!
>
> Yes, the way of keeping secret in Windows is obvious DPAPI :-)
> (http://msdn.microsoft.com/en-us/library/ms995355.aspx)
> But I'm not sure it is a good way to do it.
>
> Any suggestions?
>
> Cheers,
>
> Dio
> Someone told me to use LLVM and compile the keys on runtime (but still
> no clue on it :-( )
>
> On Feb 26, 8:04 am, Jeffrey Walton <[email protected]> wrote:
> > Hi Dio,
> >
> > > I need to store my private key in secure and best way.
> >
> > I find it best to defer to the Operating System or, in the case of
> > Java, the library. For Windows, have your setup program create a
> > container and add an exportable key. Java, when run on Windows, allows
> > a developer to use Microsoft's CAPI to store keys when using the
> > SunMSCAPI provider. Finally, I don't know where or how Linux stores
> > the secure stuff.
> >
> > The problem you are up against is that of the 'Untrusted Hardware' and
> > 'Untrusted Operating System', which is common to commodity hardware
> > such as Wintel and Lintel.
> >
> > Jeff
> >
> > On 2/25/09, Dio <[email protected]> wrote:
> >
> > > Hello!
> >
> > > I need to store my private key in secure and best way. However, I
> > > don't want to put it in a dongle or smartcard or anything related. I
> > > need to put that along with (inside) the 'executables' (fight against
> > > the disassembler). Any suggestions?
> > > (Registry? oh c'mon that's just for Windows)
> >
> > > Thanks!
> > > Best,
> > > Dio
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Crypto++ Users"
Google Group.
To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at
http://www.cryptopp.com.
-~----------~----~----~----~------~----~------~--~---