On Tue, May 14, 2013 at 2:08 PM, kee nethery <k...@kagi.com> wrote: > You embed your public RSA key into your app. > You pick a random symmetrical key and encrypt your payload using that key. > You encrypt the random symmetrical key with your private RSA key. > You append the encrypted random key to your encrypted payload and send > that to the customer. > You extract the encrypted random symmetrical key from the payload and > decrypt it with your embedded public key. > You take the decrypted random symmetrical key and use that to decrypt the > payload. >
Cryptography was never one of my areas of math--but doesn't this reduce the total security to the security of the symmetrical key used? I thought that the total encryption level was effectively limited to the weakest element in the chain . . . > This prevents someone from creating an unlock file that your app can > decrypt and use. It does not prevent them from passing the file on to > another user. To attempt to prevent them from passing an unlock payload to > another user, you'll need to get something from the user and validate that > against what is in the payload. > *That* is not a problem in my case :) The main payload is the name, address, and bar number (law license), as well as jurisdiction, of the licensed attorney. You can't file much under another attorney's name. (But I red a discipline case some time ago where an attorney got a sample document from another, and had so little idea what he was doing that he started filing with the other attorney's name still listed . . .) -- Dr. Richard E. Hawkins, Esq. (702) 508-8462 _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
