On 10/3/07, Victor Duchovni <[EMAIL PROTECTED]> wrote:
>
> On Wed, Oct 03, 2007 at 10:04:26AM -0500, Md Lazreg wrote:
>
> > I am encrypting a file using a private key, and my program is decrypting it
> > using the public key compiled in the binary.
>
> Private keys don't "encrypt", they sign. The public key *verifies*.
> If you want to encrypt, you use the "public" key to encrypt, and the
> holder of the private key can decrypt.

Private keys do encrypt using the function:
http://www.openssl.org/docs/crypto/RSA_private_encrypt.html

The holder of the private key is me. And it is my application compiled with my public key that will decrypt whatever I have encrypted with my private key. My application will behave differently depending on what it finds in the decrypted information.

> > The question is how to protect my public key against binary analysis within
> > the binary? I do not want someone to replace it with their own public key
> > and hence encrypting my program's input using their private key. Any ideas
> > please?
>
> Sorry, keys are protected by OS permissions of separate key files, or
> by dedicated hardware that provides access to operations that use key,
> but not the key itself.
>
> If you are protecting data from the user of your application (DRM),
> you are mostly out of luck.

I just want to make sure the user does not instrument my application by changing the public key compiled within it. Basically I am looking for some mathematical operations that will scatter my public key around my executable to make it hard to figure it out.

Thanks

> --
> Viktor.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
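
Added example, not part of the original thread and not OpenSSL code: textbook RSA arithmetic with PKCS #1 v1.5 block type 1 padding, the padding RSA_private_encrypt applies under RSA_PKCS1_PADDING. It shows that the "private encrypt / public decrypt" pair discussed above behaves as sign / verify-with-recovery: anyone with the public modulus recovers the data, and a blob made with another private key fails the padding check under the embedded modulus. The function names and both keys are constructed for illustration; the primes are well-known curve primes and far too small and special for real use.

```python
# Constructed toy keys (assumption, illustration only); E is the usual exponent.
E = 65537

def make_key(p, q):
    """Return (n, d) for primes p and q with public exponent E."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

AUTHOR_N, AUTHOR_D = make_key(2**255 - 19, 2**256 - 2**32 - 977)
OTHER_N, OTHER_D = make_key(2**448 - 2**224 - 1, 2**61 - 1)

def private_encrypt(data, n, d):
    """Pad as 00 01 FF..FF 00 || data, then apply the private exponent."""
    k = (n.bit_length() + 7) // 8
    if len(data) > k - 11:  # at least 8 bytes of FF padding are required
        raise ValueError("data too long for this modulus")
    block = b"\x00\x01" + b"\xff" * (k - 3 - len(data)) + b"\x00" + data
    return pow(int.from_bytes(block, "big"), d, n).to_bytes(k, "big")

def public_decrypt(blob, n):
    """Recover the data with public values only; None if the padding is bad."""
    k = (n.bit_length() + 7) // 8
    value = int.from_bytes(blob, "big")
    if len(blob) != k or value >= n:
        return None
    block = pow(value, E, n).to_bytes(k, "big")
    sep = block.find(b"\x00", 2)  # first zero byte after the 00 01 header
    if block[:2] != b"\x00\x01" or sep < 10 or block[2:sep] != b"\xff" * (sep - 2):
        return None
    return block[sep + 1:]

if __name__ == "__main__":
    msg = b"license=full"
    genuine = private_encrypt(msg, AUTHOR_N, AUTHOR_D)
    foreign = private_encrypt(msg, OTHER_N, OTHER_D)
    # No secret is needed to read the data: this is verification, not secrecy.
    print("genuine blob under embedded key:", public_decrypt(genuine, AUTHOR_N))
    # A blob from a different private key is rejected by the embedded modulus.
    print("foreign blob under embedded key:", public_decrypt(foreign, AUTHOR_N))
    # The embedded modulus is the only trust anchor: whichever one the
    # binary checks against decides whose blobs are accepted.
    print("foreign blob under its own key: ", public_decrypt(foreign, OTHER_N))
```
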