[Interest] how to secure ssl key on symbian platform

Thiago Macieira thiago.macieira at intel.com
Mon Apr 2 15:26:11 CEST 2012


On Monday, 2 April 2012 18.40.35, Roopesh Chander wrote:
> Per my understanding of public-private-key crypto, secure transmission is
> not compromised (i.e. a third party cannot listen in) by someone getting
> hold of the client private key. Nevertheless, with the client key, the
> 'someone' could later pretend he's the real client and get probably
> sensitive data from the server, which could be a security issue by itself.
> 
> To prevent that, all I can think of is to store the client key on disk with
> encryption.

But that would require that you store the encryption key somewhere, possibly 
in the application code. For an Open Source application, this makes no sense 
of course. If it's closed, then you may be able to hide it, but not from a 
skilled hacker.

I actually recommend storing the key in the platform's secure storage service.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center
     Intel Sweden AB - Registration Number: 556189-6027
     Knarrarnäsgatan 15, 164 40 Kista, Stockholm, Sweden