On Tue, Oct 24, 2006 at 11:23:39AM +0200, Ernst Weißgerber wrote:

> I'm working on the development of a client/server system. We want to ensure
> that only our client application can access our server. For that we want to
> use a client certificate. We have to hide the client, server and root
> certificates securely inside the client application. Are there any
> suggestions how to do this?

There is no point in hiding certificates (aka public keys); doing so
yields no security benefit. There is typically no benefit in attempting
to hide the client private key inside a software application binary;
determined users can recover the private key, or modify the behaviour
of the application.

Nothing further can be said without more detail about your threat model.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]
