RE: public key in the binary
Don't save it in the binary? Regards, Daniel Clusin EnerNOC, Inc. (617)5328154 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Md Lazreg Sent: Wednesday, October 03, 2007 11:04 AM To: openssl-users@openssl.org Subject: public key in the binary Hi, I am encrypting a file using a private key, and my program is decrypting it using the public key compiled in the binary. The question is how to protect my public key against binary analysis within the binary? I do not want someone to replace it with their own public key and hence encrypting my program's input using their private key. Any ideas please? Thanks
Re: public key in the binary
On Wed, Oct 03, 2007 at 10:04:26AM -0500, Md Lazreg wrote: I am encrypting a file using a private key, and my program is decrypting it using the public key compiled in the binary. Private keys don't encrypt they sign. The public key *verifies*. If you want to encrypt, you use the public key to encrypt, and the holder of the private key can decrypt. The question is how to protect my public key against binary analysis within the binary? I do not want someone to replace it with their own public key and hence encrypting my program's input using their private key. Any ideas please? Sorry, keys are protected by OS permissions of separate key files, or by dedicated hardware that provides access to operations that use key, but not the key itself. If you are protecting data from the user of your application (DRM), you are mostly out of luck. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: public key in the binary
In message [EMAIL PROTECTED] on Wed, 3 Oct 2007 10:04:26 -0500, Md Lazreg [EMAIL PROTECTED] said: mdlazreg I am encrypting a file using a private key, and my program mdlazreg is decrypting it using the public key compiled in the mdlazreg binary. If it isn't an automatic process of some kind, why is the public key compiled into the binary? mdlazreg The question is how to protect my public key against binary mdlazreg analysis within the binary? I do not want someone to replace mdlazreg it with their own public key and hence encrypting my mdlazreg program's input using their private key. Any ideas please? The only viable option to fulfill all those ideas is to keep your binary completely secret and to yourself. Any external exposure will make it possible to reveal how it's used and make it possible for others to use for their own purposes. Of course, you could encrypt parts of the binary, but it requires that you have a key, and the question is where you're going to have that, especially if this is a binary used in some kind of automatic process... Out of curiosity, what's the reason noone should use the binary with their own private/public key pair? Cheers, Richard -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up. -- C.S. Lewis __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: public key in the binary
On 10/3/07, Victor Duchovni [EMAIL PROTECTED] wrote: On Wed, Oct 03, 2007 at 10:04:26AM -0500, Md Lazreg wrote: I am encrypting a file using a private key, and my program is decrypting it using the public key compiled in the binary. Private keys don't encrypt they sign. The public key *verifies*. If you want to encrypt, you use the public key to encrypt, and the holder of the private key can decrypt. Private keys do encrypt using the function : http://www.openssl.org/docs/crypto/RSA_private_encrypt.html The holder of the private key is me. And it is my application compiled with my public key that will decrypt whatever I have encrypted with my private key. My application will behave differently depending on what it finds in the decrypted information. The question is how to protect my public key against binary analysis within the binary? I do not want someone to replace it with their own public key and hence encrypting my program's input using their private key. Any ideas please? Sorry, keys are protected by OS permissions of separate key files, or by dedicated hardware that provides access to operations that use key, but not the key itself. If you are protecting data from the user of your application (DRM), you are mostly out of luck. I just want to make sure the user does not instrument my application by changing the public key compiled within it. Basically I am looking for some mathematical operations that will scatter my public key around my executable to make it hard to figure it out. Thanks -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: public key in the binary
On Wed, Oct 03, 2007 at 10:42:59AM -0500, Md Lazreg wrote: Private keys do encrypt using the function : http://www.openssl.org/docs/crypto/RSA_private_encrypt.html Of course they do, but when a private key encrypts, it is called signing, because the public key is presumed to be (drum roll...) public i.e. not held in confidence exclusively by a single recipient. So encrypting with a private key yields signatures, not confidentiality. The holder of the private key is me. And it is my application compiled with my public key that will decrypt whatever I have encrypted with my private key. My application will behave differently depending on what it finds in the decrypted information. Are you signing instructions that the application authenticates, and should ignore if not signed by the right key, or sending confidential data for the eyes of the application only? If you are signing, your model is fine, and embedding the public key in the binary is exactly the right thing to do. If you are encrypting, use a symmetric algorithm, the public key algorithm is just confusing you. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: public key in the binary
On 10/3/07, Victor Duchovni [EMAIL PROTECTED] wrote: On Wed, Oct 03, 2007 at 10:42:59AM -0500, Md Lazreg wrote: Private keys do encrypt using the function : http://www.openssl.org/docs/crypto/RSA_private_encrypt.html Of course they do, but when a private key encrypts, it is called signing, because the public key is presumed to be (drum roll...) public i.e. not held in confidence exclusively by a single recipient. So encrypting with a private key yields signatures, not confidentiality. Ok I understand. Thanks. The holder of the private key is me. And it is my application compiled with my public key that will decrypt whatever I have encrypted with my private key. My application will behave differently depending on what it finds in the decrypted information. Are you signing instructions that the application authenticates, and should ignore if not signed by the right key, or sending confidential data for the eyes of the application only? If you are signing, your model is fine, and embedding the public key in the binary is exactly the right thing to do. If you are encrypting, use a symmetric algorithm, the public key algorithm is just confusing you. Yes I am signing. And the application will not work unless it is me who signed the input to it. That is why I do not want someone to change the public key within the application, because if they do they will be able to sign the input using their private key and make my application behave the way they want... I need a way to hide the public key in the binary... Thanks -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: public key in the binary
On Wed, Oct 03, 2007 at 10:57:39AM -0500, Md Lazreg wrote: If you are signing, your model is fine, and embedding the public key in the binary is exactly the right thing to do. If you are encrypting, use a symmetric algorithm, the public key algorithm is just confusing you. Yes I am signing. And the application will not work unless it is me who signed the input to it. This is fine, provided you don't also expect the instructions to the application to remain confidential. That is why I do not want someone to change the public key within the application, because if they do they will be able to sign the input using their private key and make my application behave the way they want... This is not possible. Why are you trying to stop the user from replacing the application's trusted key? Is this DRM? DRM is not possible without trusted hardware, and even then is difficult. What problem does preventing the user from fielding a modified application solve? -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: public key in the binary
On 10/3/07, Victor Duchovni [EMAIL PROTECTED] wrote: On Wed, Oct 03, 2007 at 10:57:39AM -0500, Md Lazreg wrote: Is this DRM? DRM is not possible without trusted hardware, and even then is difficult. Yes it is DRM in a way. I know it is not possible to have a 100% protection using only software. I am only looking to make it a little bit harder by smartly hiding the public key in the application. What problem does preventing the user from fielding a modified application solve? It solves the problem of preventing the user from running my application in a mode they did not pay for. Thanks -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: public key in the binary
On Wed, Oct 03, 2007 at 11:11:26AM -0500, Md Lazreg wrote: On 10/3/07, Victor Duchovni [EMAIL PROTECTED] wrote: On Wed, Oct 03, 2007 at 10:57:39AM -0500, Md Lazreg wrote: Is this DRM? DRM is not possible without trusted hardware, and even then is difficult. Yes it is DRM in a way. I know it is not possible to have a 100% protection using only software. I am only looking to make it a little bit harder by smartly hiding the public key in the application. If your users are not technically sophisticated, and the application is aimed at paying business customers and not the general public, it is enough to compile the key into the application. Businesses don't like being caught stealing. If or users are the general public and/or they are strongly motivated to attack the application, then it is only a matter of time... They can usually not only replace the public key, but also simply remove the code that performs the signature checks, ... There are companies selling something called white-box-cryptography. They have keyed self-obfuscating code, where it is difficult to analyze the control flow of the application, and the encryption is built in the structure of the binary rather than merely being data. Their target market is DRM. Perhaps you are looking for something like that. Don't recall any specific names, but the term should get you started in the right direction. This is not an endorsement of the security of their products, I don't know enough to endorse or condemn them. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: public key in the binary
On Wed, 3 Oct 2007, Md Lazreg wrote: On 10/3/07, Victor Duchovni [EMAIL PROTECTED] wrote: On Wed, Oct 03, 2007 at 10:42:59AM -0500, Md Lazreg wrote: Private keys do encrypt using the function : http://www.openssl.org/docs/crypto/RSA_private_encrypt.html Of course they do, but when a private key encrypts, it is called signing, because the public key is presumed to be (drum roll...) public i.e. not held in confidence exclusively by a single recipient. So encrypting with a private key yields signatures, not confidentiality. Ok I understand. Thanks. The holder of the private key is me. And it is my application compiled with my public key that will decrypt whatever I have encrypted with my private key. My application will behave differently depending on what it finds in the decrypted information. Are you signing instructions that the application authenticates, and should ignore if not signed by the right key, or sending confidential data for the eyes of the application only? If you are signing, your model is fine, and embedding the public key in the binary is exactly the right thing to do. If you are encrypting, use a symmetric algorithm, the public key algorithm is just confusing you. Yes I am signing. And the application will not work unless it is me who signed the input to it. That is why I do not want someone to change the public key within the application, because if they do they will be able to sign the input using their private key and make my application behave the way they want... I need a way to hide the public key in the binary... At this point the best you can get is security by obscurity. You can make it hard for the attacker to find the public key but there is no way to make it very hard or impossible to find where and how the public key is stored. You are not going to find some fancy mathematical way to hide this information because no matter what you do your program will have to include algorithm for reassembling it and you are going to give your program (with that algorithm included) to the user. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: public key in the binary
Hello, If your users are not technically sophisticated, and the application is aimed at paying business customers and not the general public, it is enough to compile the key into the application. Businesses don't like being caught stealing. If or users are the general public and/or they are strongly motivated to attack the application, then it is only a matter of time... They can usually not only replace the public key, but also simply remove the code that performs the signature checks, ... There are companies selling something called white-box-cryptography. They have keyed self-obfuscating code, where it is difficult to analyze the control flow of the application, and the encryption is built in the structure of the binary rather than merely being data. Their target market is DRM. Perhaps you are looking for something like that. Don't recall any specific names, but the term should get you started in the right direction. This is not an endorsement of the security of their products, I don't know enough to endorse or condemn them. You may also look at Secure Programming Cookbook for C and C++ chapter 12 with TOC: Chapter 12. Anti-Tampering 12.1 Understanding the Problem of Software Protection 12.2 Detecting Modification 12.3 Obfuscating Code 12.4 Performing Bit and Byte Obfuscation 12.5 Performing Constant Transforms on Variables 12.6 Merging Scalar Variables 12.7 Splitting Variables 12.8 Disguising Boolean Values 12.9 Using Function Pointers 12.10 Restructuring Arrays 12.11 Hiding Strings 12.12 Detecting Debuggers 12.13 Detecting Unix Debuggers 12.14 Detecting Windows Debuggers 12.15 Detecting SoftICE 12.16 Countering Disassembly 12.17 Using Self-Modifying Code but of course this is no real security but this only makes hard software hackers job. Best regards, -- Marek Marcola [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: public key in the binary
On Wed, Oct 03, 2007 at 11:11:26AM -0500, Md Lazreg wrote: What problem does preventing the user from fielding a modified application solve? It solves the problem of preventing the user from running my application in a mode they did not pay for. If your target is PC software, then using dongles is probably the right way to go: the dongle designers are supposed to have thought of the problem in depth. For embedded targets, a company I worked at previously ultimately relied on scrambling the mode with the MAC address of the device in some obscure way and calling that 'the key', which would be computed in-house and given to the customers. Not very secure at all, but like said by Victor, it's probably enough to stop companies (and individuals wouldn't buy that product anyway). Cheers, Y. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: public key in the binary
I need a way to hide the public key in the binary... You can't ask in public for a good hiding place. Note that your question has *nothing* to do with OpenSSL or even public key encryption for that matter. Your question is basically how do I make a tamperproof executable. DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: public key in the binary
On 10/3/07, David Schwartz [EMAIL PROTECTED] wrote: I need a way to hide the public key in the binary... You can't ask in public for a good hiding place. Note that your question has *nothing* to do with OpenSSL or even public key encryption for that matter. Your question is basically how do I make a tamperproof executable. That is true. The OpenSSL users however are the best suited to answer such questions in my opinion. The suggestion by Marek Marcola to get the book Secure Programming Cookbook for C and C++ is a great one. I have already ordered this book and hopefully I will get some ideas there. Thanks all for your help.
