On Wed, Oct 03, 2007 at 10:57:39AM -0500, Md Lazreg wrote:

> > If you are signing, your model is fine, and embedding the public key in
> > the binary is exactly the right thing to do. If you are encrypting,
> > use a symmetric algorithm, the public key algorithm is just confusing
> > you.
> 
> Yes I am signing. And the application will not work unless it is me who
> signed the input to it.

This is fine, provided you don't also expect the instructions to the
application to remain confidential.

> That is why I do not want someone to change the
> public key within the application, because if they do they will be able to
> sign the input using their private key and make my application behave the
> way they want...

This is not possible. Why are you trying to stop the user from replacing
the application's trusted key? Is this DRM? DRM is not possible without
trusted hardware, and even then is difficult.

What problem does preventing the user from fielding a modified application
solve?

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
