2

I'm in need of an inverse public-key encryption method where you encrypt with the private key and decrypt with the public key. In other words, an asymmetric encryption where you can't generate the encryption key from the decryption key. Does such encryption exist? If yes, which, and which would be the fastest?

If nothing like that exists I would be glad if you helped me out with my situation:

I need to authenticate users logging in from my Java application in a way that the response from the server cannot be falsified, thus giving the user full access to the application. Using public-key encryption was an obvious method: I would decrypt data received from the client to confirm the credentials. This won't work because if someone manages to decompile and get the private key from the code, they would be able to generate the public key, which would make them able to crack my application again. So, any ideas how I can get this secure?

Mike Edward Moras
Matt

1 Answer

1

What you are looking for is so-called white-box cryptography. That said, you should definitely check if you can't get away with digital signatures. The reason is that white-box cryptography is a special case of program obfuscation that is quite hard to achieve. Existing, practical schemes do not rely on hard problems but rather on not being broken so far. So you do not get rigorous security guarantees but only the statement that nobody who tried succeeded (which says nothing about how many tried and who tried...).

mephisto
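The digital-signature route suggested in the answer above, as an added example that is not part of the original post: the server signs its login verdict with a private key that stays on the server, and the Java client ships only the public key, which can verify but not produce signatures. The ECDSA P-256 choice, the `nonce|user|verdict` payload layout, the class and method names, and the in-process key generation are assumptions made for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Base64;

public class SignedLoginDemo {
    // Server side: the private key is used here and never shipped in the client.
    static byte[] signResponse(PrivateKey serverKey, byte[] payload) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(serverKey);
        s.update(payload);
        return s.sign();
    }

    // Client side: only the public key is embedded in the application.
    static boolean verifyResponse(PublicKey serverPub, byte[] payload, byte[] sig) {
        try {
            Signature v = Signature.getInstance("SHA256withECDSA");
            v.initVerify(serverPub);
            v.update(payload);
            return v.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // a malformed signature counts as a failed check
        }
    }

    // Constructed payload layout (assumption): base64(nonce)|user|verdict
    static byte[] payload(byte[] nonce, String user, String verdict) {
        String s = Base64.getEncoder().encodeToString(nonce) + "|" + user + "|" + verdict;
        return s.getBytes(StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair server = kpg.generateKeyPair(); // demo only: a real server loads its stored key

        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);     // fresh client challenge for each login
        byte[] signed = payload(nonce, "alice", "OK");
        byte[] sig = signResponse(server.getPrivate(), signed);

        // The client rebuilds the payload from its own nonce before verifying.
        System.out.println("genuine:  " + verifyResponse(server.getPublic(), signed, sig));
        System.out.println("tampered: " + verifyResponse(server.getPublic(), payload(nonce, "mallory", "OK"), sig));
        byte[] otherNonce = new byte[16];
        new SecureRandom().nextBytes(otherNonce); // a later login uses a different challenge
        System.out.println("replayed: " + verifyResponse(server.getPublic(), payload(otherNonce, "alice", "OK"), sig));
    }
}
```

Binding the client's nonce into the signed payload is what makes a captured "OK" response useless for a later login.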