简体繁体 English

我应该将公钥放在独立的应用程序中的什么位置

[英]Where should I put the public key in a standalone application

原文 2012-06-27 11:45:22 5 2 c#/ .net/ rsa/ public-key-encryption

I wrote an C# WPF application that signs a license xml file using the standard .Net SignedXml class. 我编写了一个C＃WPF应用程序，该应用程序使用标准的.Net SignedXml类对许可证xml文件进行签名。 I am able to extract the public and private key as xml strings. 我能够将公钥和私钥提取为xml字符串。 I can safely tuck away my private key locally for the signing application, but what about the public key needed in the remote sign check application (library)? 我可以在本地安全地保存签名应用程序的私钥，但是远程签名检查应用程序（库）所需的公钥呢？ Options considered: 考虑的选项：

KeyContainer: no good, because signing and checking happens in 2 separate environments KeyContainer：不好，因为签名和检查是在2个独立的环境中进行的
Hardcoded: hardcode the public key as xml string in my checking library. 硬编码：在我的检查库中将公用密钥硬编码为xml字符串。 I know the public key is not secret, but how can I prevent hackers from replacing the key with their own? 我知道公钥不是秘密，但是如何防止黑客用自己的公钥替换公钥？ I can sign the library, but then they could tamper with the application using the library.... 我可以对库进行签名，但是然后他们可以使用库来篡改应用程序。

2 个解决方案

Put the public key in a standard digital certificate that you distribute with your app. 将公钥放入随应用程序分发的标准数字证书中。 The integrity of the certificate will then be guaranteed by Windows, and you can tell if it's been changed. 然后，Windows将保证证书的完整性，您可以知道它是否已更改。

Of course both the hardware and Windows itself is under the control of any potential attacker, so you can't really prevent a compromise of a specific machine. 当然，硬件和Windows本身都受到任何潜在攻击者的控制，因此您无法真正阻止特定计算机的入侵。

Here's an example from a program that I used to distribute. 这是我以前分发的程序中的一个示例。 When the program was activated from a licence perspective, it sent a hardware hash to a web service. 从许可证角度激活该程序后，它会将硬件哈希发送到Web服务。 This returned a self-signed certificate containing the hardware hash, which my program then checked whenever it was started. 这返回了包含硬件哈希值的自签名证书，然后我的程序在每次启动时都会对其进行检查。 If the certificate had been changed in any way, the program would stop. 如果证书已以任何方式更改，程序将停止。

I put the public key in a directory outside of the inetpub directory, and if you move the private key off of the computer, then the worst someone could do is to replace the public key and it no longer can decrypt, but you could be informed when it can't decrypt to know something happened. 我将公钥放在inetpub目录之外的目录中，如果将私钥从计算机上移开，那么最糟糕的事情就是替换公钥，并且它不再可以解密，但是您会被告知无法解密就知道发生了什么事。

But, if someone was able to change your file you will have bigger problems that just having this one file changed. 但是，如果有人能够更改您的文件，那么您将面临更大的问题，那就是仅更改一个文件。

UPDATE: 更新：

Oops, I missed that this is a WPF program. 糟糕，我错过了这是WPF程序。 Unfortunately the best you can do is to have the private key separate from the public key, so, you can decrypt, but if the hacker changes the public key the application won't function properly. 不幸的是，您最好的办法是将私钥与公钥分开，这样就可以解密，但是如果黑客更改了公钥，则应用程序将无法正常运行。

That is one of the advantages of using the public/private key, to verify that only you can do the encryption. 这是使用公用/专用密钥来验证只有您才能进行加密的优点之一。

The other option is to fetch the public key from a webserver, but then you have the same problem in that it is possible for someone to trick the application to go to the wrong server, so it isn't full-proof, and it will require that the user had an Internet connection, and for you to uniquely identify them. 另一个选择是从网络服务器获取公钥，但是然后您遇到了同样的问题，因为有人可能欺骗应用程序进入错误的服务器，因此它不是完全可靠的，并且会要求用户具有Internet连接，然后您才能唯一地标识他们。