2008/11/15 Robert Relyea <[EMAIL PROTECTED]>: > NZzi wrote: >> >> Robert Relyea wrote: >>> >>> NZzi wrote: >>>> >>>> hi all: >>>> >>>> I want to use private key to encrypt a message, >>>> and decrypt with public key. >>> >>> Are you encrypting data or a symmetric Key? >>> Most of the nss code that does these operations does so on actual >>> symetric keys (which are then used to do additional >>> encryption/decryption/macing). >>> In that case they are using the PK11_PubWrapSymKey() and >>> PK11_PubUnwrapSymKey(). >> >> >> If i use symmetric key to encrypt a license and use private key >> to encrypt the symmetric key, other people can have my public >> key. > > Yeah, it's an unfortunate name. The Pub in PubWrapSymKey means 'Public Key > Cryptography" not PublicKey. It's really the private key. It was written > before we started standardizing on separating Public and Private in the > function name. >
but i must guarantee the integrity of license and forbid it from regenerating or modifying. No matter what key(public or private) is used to wrap the symkey, if someone hack the program to get the unwrapped symkey(e.g. from memory), he can modify and regenerate the license to pass the validation. So i just want to use private key to encrypt the license, decrypt and validate it using public key. The reason I don't use SGN_*() is I need recover the content of license. I tried the PK11_VerifyRecover(), but got 8192 error, So I'm not sure PK11_VerifyRecover() can recover the content of license signature, signed by PK11_Sign(private_key,...)? > bob >> >> I think he can hack my program to get the symmetric key, >> when my program recover the license using the symmetric key >> decrypted by public key. >> >> He can write a new license and re-generate the license to let >> the software use forever, how can I forbid this? >> >> >>> >>> bob >>>> >> >> [snip...] >> _______________________________________________ >> dev-tech-crypto mailing list >> dev-tech-crypto@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-tech-crypto > > > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
