On Wed, Oct 03, 2007 at 10:42:59AM -0500, Md Lazreg wrote:
> Private keys do encrypt using the function :
> http://www.openssl.org/docs/crypto/RSA_private_encrypt.html
Of course they do, but when a private key encrypts, it is
called "signing", because the public key is presumed to be (drum
roll...) "public" i.e. not held in confidence exclusively by a single
recipient. So encrypting with a private key yields signatures, not
confidentiality.
> The holder of the private key is me. And it is my application compiled with
> my public key that will decrypt whatever I have encrypted with my private
> key. My application will behave differently depending on what it finds in
> the decrypted information.
Are you signing instructions that the application authenticates, and
should ignore if not signed by the right key, or sending confidential
data for the eyes of the application only?
If you are signing, your model is fine, and embedding the public key in
the binary is exactly the right thing to do. If you are encrypting,
use a symmetric algorithm, the public key algorithm is just confusing
you.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
