How about signing, with private key, a licence file, then embed your public key(binary format) in your application and then deploy your application along with the licence file, and never part with your private key - Otherwise if not private anymore.
On 3/31/08, Joseph Felten <[EMAIL PROTECTED]> wrote: > > Quoting Emre Binisik <[EMAIL PROTECTED]>: > > > > -----Ursprüngliche Nachricht----- > > > Von: [EMAIL PROTECTED] [mailto:owner-openssl- > > > [EMAIL PROTECTED] Im Auftrag von [EMAIL PROTECTED] > > > Gesendet: Samstag, 29. März 2008 20:34 > > > An: openssl-users@openssl.org > > > Betreff: Re: Problems about how to store private key safely > > > > > > Hello, > > > > > > [EMAIL PROTECTED] wrote on 03/28/2008 10:18:39 AM: > > > > > > > Hello, > > > > > > > > I hope to design an application that uses OpenSSL. Users will use > > > this > > > application from > > > > different PCs or Laptops. Therefore, users will have to have their > > > private key in > > > > different pcs. If I use the pass phrase protected private key, is it > > > possible for other > > > > persons to steal and decrypt that key. > > > > > > > > Or do you have more feasible ways to implement it? > > > Smartcards. > > > > > One question here: Is there a possibility or interface, > > to make the private key operations on the smartcard, > > so that the private key never leave the smardcard? > > For example some functionality, that maps private key > > operations on pkcs11? > > Hallo. I am no expert, but I have worked with digital certificates on > smart > cards to control access to SSL (via openssl) on Apache. The private keys > were > indeed locked on the smart card with no way to copy them off as a security > measure. With SSL via the browser, a bit of software called a security > module > plugs in to the browser for controlling access to the certs on the smart > card. > >From what I read at the time, if it is possible to crack that, it is not > trivial. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] >
