
Distribute private key with application?

I'm building an application and want it to securely transfer data to a server. I'm thinking of using public/private keys for the initial handshake to encrypt a key with which to encrypt subsequent data.

Is it reasonable to have the private key integrated in the executable, which will be distributed out in the wild for anyone to reverse-engineer? I also thought of using the three-pass protocol, but read about some of its weaknesses and it probably won't work for me.

I followed Martin's advice and posted to security exchange (https://security.stackexchange.com/questions/158650/distribute-private-key-with-application). There I received an answer that I accepted, by user Serverfrog:

Generate the Private/Public Keypair on the client, encrypt this with a password (maybe chosen by the User).

Then send the Public Key, encrypted via the Server Public Key, to the Server and you have your entire Public/Private Stack.
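The flow from the accepted answer, as an added example that is not part of the original post or of Serverfrog's answer: the client generates its own key pair on first run, keeps the private key encrypted under the user's password, and sends its public key wrapped under the server's public key, so the distributed executable carries no private key. Assumptions: Node.js built-in `crypto`, an Ed25519 client key, RSA-OAEP wrapping, hypothetical function names, and a server key pair constructed inline for the demonstration.

```javascript
const crypto = require("node:crypto");

// Constructed stand-in for the server's key pair. Only the public half would
// ship inside the client; the private half never leaves the server.
const demoServer = crypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
  publicKeyEncoding: { type: "spki", format: "pem" },
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
});
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Client, first run: create a per-install Ed25519 key pair, store the private
// key as password-encrypted PKCS#8, and wrap the public key for the server.
function enrollClient(serverPublicPem, password) {
  const pair = crypto.generateKeyPairSync("ed25519", {
    publicKeyEncoding: { type: "spki", format: "der" }, // 44 bytes, fits one OAEP block
    privateKeyEncoding: { type: "pkcs8", format: "pem", cipher: "aes-256-cbc", passphrase: password },
  });
  return {
    encryptedPrivatePem: pair.privateKey, // what the client keeps on disk
    wrappedPublicKey: crypto.publicEncrypt({ key: serverPublicPem, ...OAEP }, pair.publicKey),
  };
}

// Server: unwrap the enrollment blob and keep the client's public key.
function serverUnwrap(serverPrivatePem, wrappedPublicKey) {
  const der = crypto.privateDecrypt({ key: serverPrivatePem, ...OAEP }, wrappedPublicKey);
  return crypto.createPublicKey({ key: der, format: "der", type: "spki" });
}

// Client, later: unlock the private key with the password and sign a server
// challenge. A wrong password makes createPrivateKey throw.
function clientSign(encryptedPrivatePem, password, challenge) {
  const key = crypto.createPrivateKey({ key: encryptedPrivatePem, format: "pem", passphrase: password });
  return crypto.sign(null, challenge, key);
}

// Server: check the signature against the enrolled public key.
function serverVerify(clientPublicKey, challenge, signature) {
  return crypto.verify(null, challenge, clientPublicKey, signature);
}
```

Anyone who reverse-engineers the client binary in this layout recovers only the server's public key, and the per-install private key on disk is unusable without the user's password.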
