What do you mean a licence file? is it just a normal file?
Could you please explain your idea in more detail? Date: Mon, 31 Mar 2008 12:45:00 -0500 From: [EMAIL PROTECTED] To: openssl-users@openssl.org Subject: Re: AW: Problems about how to store private key safely CC: [EMAIL PROTECTED] How about signing, with private key, a licence file, then embed your public key(binary format) in your application and then deploy your application along with the licence file, and never part with your private key - Otherwise if not private anymore. On 3/31/08, Joseph Felten <[EMAIL PROTECTED]> wrote: Quoting Emre Binisik <[EMAIL PROTECTED]>: > > -----Ursprüngliche Nachricht----- > > Von: [EMAIL PROTECTED] [mailto:owner-openssl- > > [EMAIL PROTECTED] Im Auftrag von [EMAIL PROTECTED] > > Gesendet: Samstag, 29. März 2008 20:34 > > An: openssl-users@openssl.org > > Betreff: Re: Problems about how to store private key safely > > > > Hello, > > > > [EMAIL PROTECTED] wrote on 03/28/2008 10:18:39 AM: > > > > > Hello, > > > > > > I hope to design an application that uses OpenSSL. Users will use > > this > > application from > > > different PCs or Laptops. Therefore, users will have to have their > > private key in > > > different pcs. If I use the pass phrase protected private key, is it > > possible for other > > > persons to steal and decrypt that key. > > > > > > Or do you have more feasible ways to implement it? > > Smartcards. > > > One question here: Is there a possibility or interface, > to make the private key operations on the smartcard, > so that the private key never leave the smardcard? > For example some functionality, that maps private key > operations on pkcs11? Hallo. I am no expert, but I have worked with digital certificates on smart cards to control access to SSL (via openssl) on Apache. The private keys were indeed locked on the smart card with no way to copy them off as a security measure. With SSL via the browser, a bit of software called a security module plugs in to the browser for controlling access to the certs on the smart card. >From what I read at the time, if it is possible to crack that, it is not trivial. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] _________________________________________________________________ Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us
