2

I'm interested in handling licenses I distribute with my app with ASN1 and including the Public Key within my application. I've already created the Private/Public Keys, but my confusion is in how the Public Key that will also be distributed with the application is to check the signature of the license. If the license is encrypted how does the application decrypt what's in it if only the signature is checked?

I can't seem to find any example on how to do this with an ASN1 Public Key, any insight on the subject would be very appreciated.

I've read the following:

Jack O'Leary
  • 121
  • 3
  • A public key never decrypts. If you want to protect your licenses against forgery/modification but not disclosure, an asymmetric (PKC) _signature_ which the publickey _verifies_ is one approach (although you tagged PKI which is the exact opposite of having the publickey included in your app). In this case whether the signed data (your license) is ASN1 or not is your totally-free choice, and whether the publickey is ASN1 or not mostly depends on the crypto lib(s) or facility(s) you use, which you give no clue about. Some signature _values_ (DSA and ECDSA) do standardly use ASN.1 internally. – dave_thompson_085 Feb 21 '17 at 08:56
  • @dave_thompson_085: I see, the signing aspect you mention does sound interesting, is there any additional information you could provide about that or how it works in regards to protecting a license? Thank you. – Jack O'Leary Feb 21 '17 at 13:51

0 Answers0