2

I'm working on an idea of a license system. Where I generate an encrypted file which contains an bundle identifier and a date. This license file will be shipped with my static library. The static library must check the license file and will only accept a valid one for it to work.

I wrote a simple script which uses OpenSSL to encrypt the file with a private .pem file. And I've generated a public key (.pub) from that private key.

Now I would like to decrypt the file with the public key. But I cannot seem to find any usable examples online. The documentations seems pretty scarce.

A push in the right direction would be appreciated.

edit:

Here I read that I can only encrypt with a public key and only decrypt with a private key. But that would not work for my situation I think? I cannot distribute the private key in the static library. Since then one could generate their own license files.

Am I going about this wrong?

Hmm, here it states that is does work both ways.

Community
  • 1
  • 1
Matthijn
  • 3,126
  • 9
  • 46
  • 69
  • Why are you using asymetric key encryption (public/priovate key) vs symmetric key such as AES? – zaph Oct 15 '15 at 14:21
  • My idea was that with an asymetric encryption only I can generate a license file. If you use the same key to encrypt and decrypt, I think anyone could make their own license file. Since I have to distribute the key with the SDK itself. – Matthijn Oct 15 '15 at 14:26
  • I'm not quite sure I follow. Could you elaborate. – Matthijn Oct 15 '15 at 14:36

1 Answers1

2

What you want to do is usually called signing (RSA, not DSA) which is encrypting with the private key. In PKI it is generally assumed the Public key is indeed public, not a secret, and as such there is no security to the data so it is just considered authentication.

But in your case since the public key secret (some-what) you gain some data protection but what you are really after is that the data was created by you (your private key) which is really signing; you state that you want to ensure the creator is you.

I say "the public key secret (some-what)" because the public key is embedded in the app.

zaph
  • 111,848
  • 21
  • 189
  • 228
  • Hi, thanks for your reply. I've looked into this after you've mentioned it and it seems a good way to go. Though, I'm a bit stuck there as wel. I've moved that to [another](http://stackoverflow.com/questions/33172939/verifying-rsa-signature-ios) question since I thought it would be a too big of diversion from this one. – Matthijn Oct 16 '15 at 14:31