Hello Paul,
If you want the public key to be in the code, rather than in a keystore, you
will have to generate the keypair on the server first, before you compile
the client, then take the public key from that generated pair and place it
in the client code.
Note: this is an extraordinarily bad idea. No key pair is completely
immune. The moment someone discovers your private key, all of your
installed base of code is compromised.
I'd be concerned about your scheme. How will the client know that the key
has been compromised? How can the client be certain that your address has
not been compromised? How can you inform them of this? That is what the
certificate authority is for, and why they have Certificate Revocation
Lists.
The Public Key Infrastructure has been beaten around for a long time to work
out these issues in fine detail. If you go about circumventing bits of it,
you open yourself up for attack in a manner that will destroy your
credibility the moment an attack is successful.
Think about it.
--- Nick
"Paul Fi" <na*******@hotmail.com> wrote in message
news:eS**************@tk2msftngp13.phx.gbl...
I have this encryption scheme that I want to implement:
I have an authentication server, which takes clients' credentials to
complete authentication but first I have to encrypt the credentials, I
want to use asymmetric encryption which the server creates the key pair
(public and private keys) but to avoid round trips of the authentication
protocol instead of having the server sending the public key to clients,
I want to have the public key to be hard coded into client code and also
assign the same public key to the server as well but the problem is how
do I get the private key created on the server side in a way that gets
the public and private key mathematically linked?
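The step described in the reply above (generate the pair on the server, then place only the public half in the client), sketched in Go as an added example that is not part of the original thread. The function names, the sample credential and the choice of RSA-OAEP are assumptions; the last lines of `main` show that ciphertext from an already-shipped client stops decrypting once the server replaces its key, with nothing telling the client why.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// NewServerKey runs on the server only; the private half never leaves it.
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// PublicPEM exports only the public half: the text pasted into the client source.
func PublicPEM(k *rsa.PrivateKey) string {
	der := x509.MarshalPKCS1PublicKey(&k.PublicKey)
	return string(pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY", Bytes: der}))
}

// ClientEncrypt is the client side: parse the embedded PEM, encrypt with RSA-OAEP.
func ClientEncrypt(embeddedPEM string, credentials []byte) ([]byte, error) {
	block, _ := pem.Decode([]byte(embeddedPEM))
	if block == nil {
		return nil, errors.New("embedded key is not PEM")
	}
	pub, err := x509.ParsePKCS1PublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, credentials, nil)
}

// ServerDecrypt is the server side, using the private key it generated.
func ServerDecrypt(k *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, k, ct, nil)
}

func main() {
	oldKey, _ := NewServerKey()
	embedded := PublicPEM(oldKey)                                // compiled into every shipped client
	ct, _ := ClientEncrypt(embedded, []byte("user:constructed")) // constructed sample credential
	pt, _ := ServerDecrypt(oldKey, ct)
	fmt.Printf("server recovered: %s\n", pt)
	newKey, _ := NewServerKey() // server replaces its key, e.g. after a compromise
	_, err := ServerDecrypt(newKey, ct)
	fmt.Println("shipped client after key replacement:", err)
}
```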