|
List Info Thread: Re: Storing shared secrets
[1]
|
||||||||||||
|
about | contact Other archives ( Real Estate discussion Medical topics ) |
||||||||||||
Re: Storing shared secrets |
|
List Info Thread: Re: Storing shared secrets
[1]
|
||||||||||||
|
about | contact Other archives ( Real Estate discussion Medical topics ) |
||||||||||||
XS4ALL.NL> wrote:
>
> > THis isn't a lame attempt to be funny, but what is
this 'shared secret'
> > exactly? A license key?
> >
> > Because as mentioned before, a secret that's
shared isn't really a secret.
> > Could you explain some more details about what
this secret is all about?
>
> I can give you a fictitious example instead: you have a
server which
> computes digits of Pi, and you want to distribute your
Pi Computing Client
> to Pi-digit-hungry users all over the world, but you
don't want the hassle
> of individual "registration keys". Since your
Pi Computing Service should
> only serve your application, not your old arch-enemy
Bans Frouma's rival
> application "Pi Komputing Klient", requests
from your client to your server
> should be signed.
>
> What you want: the key used for signing available to
your client, so it can
> sign messages so your Pi Computing Service knows
they're the real deal.
>
> What you don't want: the key used for signing is
available to anyone who
> installs your client, so Bans Frouma can get at it and
use it in his Pi
> Komputing Klient.
So that's a typical client-side certificate SSL
connection. THe TS
should read into that how that's done with public/private
keypairs.
FB
===================================
This list is hosted by DevelopMentorŪ