On Wed, Oct 03, 2007 at 10:04:26AM -0500, Md Lazreg wrote:
> I am encrypting a file using a private key, and my program is decrypting it
> using the public key compiled in the binary.
Private keys don't "encrypt" they sign. The public key *verifies*.
If you want to encrypt, you use the "public" key to encrypt, and the
holder of the private key can decrypt.
> The question is how to protect my public key against binary analysis within
> the binary? I do not want someone to replace it with their own public key
> and hence encrypting my program's input using their private key. Any ideas
> please?
Sorry, keys are protected by OS permissions of separate key files, or
by dedicated hardware that provides access to operations that use key,
but not the key itself.
If you are protecting data from the user of your application (DRM),
you are mostly out of luck.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
