Thanks Kyle,
Here is my situation:
I have a server which can sign certificates over TLS (implemented in
both client and peer).
I generate a public/private key pair for each peer now.
I need a way so Peer A Trusts Peer B because.
So, I am trying to figure out the best way to do this, can server sign
each peer's certs and them trust each other?
Thanks
julian
On Apr 8, 2008, at 11:04 PM, Kyle Hamilton wrote:
Requiring a private key to be embedded into the binary is almost
always a flawed design, because you're handing secret information to a
computer controlled by someone you want to avoid having that data.
Including 'trusted' moduli in the binary is also generally a flawed
design, for the same reason.
Including a public key/certificate in the binary allows for your CA to
be known as trusted, though.
What is the situation that you need to embed keys in your binary for?
(if it's "to keep people from using a binary with my service other
than the one I provide", it won't work. Other answers might be
better.)
-Kyle H
On Tue, Apr 8, 2008 at 7:32 PM, Julian <[EMAIL PROTECTED]> wrote:
Hi,
I am working on a client/server application. I am using RSA and need
to ship keys in my binary, however I would rather generate key pairs
on binary execution that get signed by the login server. Correct me if
I am wrong but can I simply create my CA and keys and place the moduli
of these keys inside the binary and then use the moduli to generate a
public/private key pair that is trusted by the server? Basic idea here
is to just hardcode the moduli in the binary. I have not seen any code
performing this. Am I totally off?
thanks in advance.
julian
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
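
The arrangement discussed in this thread, as an added example that is not part of the original messages: the login server acts as a CA, each peer generates its own key pair at run time and has it signed, and only the CA certificate ships with the binary. The CA name, peer names and file paths are constructed for illustration, and the login step that authorizes signing is assumed and not shown.

```sh
#!/bin/sh
# Added example. CA name, peer names and paths are constructed for illustration.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Login server, once: create the CA. Only ca.crt is shipped inside the binary;
# ca.key stays on the server.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Login CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Peer, at first run: generate its own key pair and a signing request.
# The private key is created on the peer and never leaves it.
make_peer_csr() {   # $1 = peer name
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# Login server: sign the request once the peer has logged in (login not shown).
sign_peer() {       # $1 = peer name
    openssl x509 -req -in "$WORK/$1.csr" -days 7 -CA "$WORK/ca.crt" \
        -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/$1.crt" 2>/dev/null
}

# Any peer: trust a presented certificate only if it chains to the shipped CA.
peer_trusts() {     # $1 = certificate file
    openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1
}

make_ca
for p in peerA peerB; do make_peer_csr "$p"; sign_peer "$p"; done

# Constructed negative case: a self-signed certificate claiming to be peerB.
openssl req -x509 -newkey rsa:2048 -nodes -days 7 -subj "/CN=peerB" \
    -keyout "$WORK/rogue.key" -out "$WORK/rogue.crt" 2>/dev/null

for c in peerA peerB rogue; do
    if peer_trusts "$WORK/$c.crt"; then echo "$c.crt: trusted"
    else echo "$c.crt: rejected"; fi
done
```

Chain verification alone only shows that the certificate was issued by the CA; in a TLS connection the handshake additionally proves that the presenting peer holds the matching private key.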