Requiring a private key to be embedded into the binary is almost always a flawed design, because you're handing secret information to a computer controlled by someone you want to avoid having that data. Including 'trusted' moduli in the binary is also generally a flawed design, for the same reason.
Including a public key/certificate in the binary allows for your CA to be known as trusted, though. What is the situation that you need to embed keys in your binary for? (if it's "to keep people from using a binary with my service other than the one I provide", it won't work. Other answers might be better.)

-Kyle H

On Tue, Apr 8, 2008 at 7:32 PM, Julian <[EMAIL PROTECTED]> wrote:
>
> Hi,
> I am working on a client/server application. I am using RSA and need to
> ship keys in my binary, however I would rather generate key pairs on binary
> execution that get signed by the login server. Correct me if I am wrong but
> can I simply create my CA and keys and place the moduli of these keys inside
> the binary and then use the moduli to generate a public/private key pair
> that is trusted by the server? Basic idea here is to just hardcode the
> moduli in the binary. I have not seen any code performing this. Am I totally
> off?
>
> thanks in advance.
>
> julian
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
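
The flow the two messages describe between them, with the key pair generated on the client, signed by the login server, and only the CA certificate shipped, can be tried with the openssl command-line tool. This is an added example, not code from the thread or from the OpenSSL project; the directory names, subject names and validity periods are made up.

```shell
#!/bin/sh
# Constructed demo: every directory, subject name and lifetime below is made up.

# Login server, once: create the CA. ca.key never leaves the server.
make_ca() {  # $1 = directory, $2 = CA common name
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Client, at first run: generate its own key pair and a signing request.
make_csr() {  # $1 = directory, $2 = client common name
    mkdir -p "$1" &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null
}

# Login server, after authenticating the user: sign the request.
sign_csr() {  # $1 = CA directory, $2 = client directory
    openssl x509 -req -in "$2/client.csr" -days 7 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$2/client.crt" 2>/dev/null
}

# Anyone holding only ca.crt (the part that is safe to ship) can check a cert.
is_trusted() {  # $1 = CA certificate, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# The certificate must carry the public half of the locally generated key.
key_matches() {  # $1 = client directory
    a=$(openssl x509 -in "$1/client.crt" -noout -pubkey) &&
    b=$(openssl pkey -in "$1/client.key" -pubout) &&
    [ "$a" = "$b" ]
}

demo=$(mktemp -d)
make_ca  "$demo/server" "Example Login CA"
make_ca  "$demo/other"  "Some Other CA"      # a CA the server never issued
make_csr "$demo/alice"  "client-0001"
sign_csr "$demo/server" "$demo/alice"
make_csr "$demo/bob"    "client-0002"
sign_csr "$demo/other"  "$demo/bob"          # signed by the wrong CA
is_trusted "$demo/server/ca.crt" "$demo/alice/client.crt" && echo "alice: trusted"
is_trusted "$demo/server/ca.crt" "$demo/bob/client.crt"   || echo "bob: rejected"
rm -rf "$demo"
```

Nothing secret ends up in the shipped files: the client directory holds only a key it generated itself, and the CA private key stays in the server directory.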