Re: Share and store RSA - public key in java server and vice versa
Re: Share and store RSA - public key in java server and vice versa
- Subject: Re: Share and store RSA - public key in java server and vice versa
- From: Jens Alfke <email@hidden>
- Date: Wed, 14 May 2014 07:32:58 -0700
On May 14, 2014, at 7:15 AM, Roland King <email@hidden> wrote:
> If you ask a similar question to the original poster on any of the Apple Developer Forums you'll be advised not to generate key pairs on a device but to do it on a server (the advice will probably come from Quinn)
That’s a weird idea. If the server creates the key-pair, then the server knows your private key, which I would consider a major security breach. If you’re going to trust the server with your credentials, you might as well skip the fiddly encryption stuff altogether and save yourself a lot of work. Otherwise the public keys and certs are just mumbo-jumbo to give the appearance of security.
Put another way: one of the major purposes of public-key crypto is to put you in charge of your own encryption. You generate a key-pair locally on your device/computer, and the private key is known only to you and never leaves that device (except maybe inside a passcode-protected PKCS12 file.) I think of private keys as being like nuclear fuel rods — you keep them in a heavily shielded container (the Keychain) and never let them be exposed to daylight. If you do that, you have a very secure system.
—Jens
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden