[Interest] how to secure ssl key on symbian platform

Roopesh Chander roop at forwardbias.in
Mon Apr 2 15:10:35 CEST 2012


Per my understanding of public-private-key crypto, secure transmission is
not compromised (i.e. a third party cannot listen in) by someone getting
hold of the client private key. Nevertheless, with the client key, the
'someone' could later pretend he's the real client and get probably
sensitive data from the server, which could be a security issue by itself.

To prevent that, all I can think of is to store the client key on disk with
encryption.

roop.

On Mon, Apr 2, 2012 at 5:55 PM, franki <franki at franki.eu.org> wrote:

> Hi,
>
> I have an app which uses SSL cert to log in to server. Server is verifying
> client certificate and checking it against custom CA (located on server).
> On the other hand client is also verifying server certificate and checks
> it with certificate from custom CA, so there is full verification, and no
> errors during handshake.
>
> But the problem is, that on client side cert and key are stored in
> application private dir, which is inaccessible during normal phone usage,
> but when I connect this phone to PC with USB in mass storage mode, private
> application dir is accessible (at least I can see it) and probably someone
> would be able to copy SSL key from phone, that in turn would compromise
> secure transmission, right?
>
> So finally the question: Is there some way to store this SSL key (file) in
> a safer way on Symbian device? Has someone some idea/experience with that?
>
> best regards
> Marek