Reputation: 885
Silverlight - Hardcoding private key
If I hardcode a private key in a Windows Phone application, can people extract it once the application is released to the public on the Windows Store?
I am asking this because I have found no way of accessing installed certificates from the phone.
Upvotes: 0
Views: 152
Answers (1)
Reputation: 11439
Obviously I don't know the specific details of what you're trying to do, but I will say that putting sensitive information like passwords or private keys and the like into your application is almost always a bad idea. As fantastically productive .net is, it's also extremely easy to reverse engineer (in fact many, many advanced developers reverse programs just to improve their own skills). A cryptographic schema is typically only as strong as the key is secure. If someone were to determine the key on one phone, it sounds like they would have access to the key on all phones, which is kind of a problem.
It would be better to store this information remotely and have the user authenticate before they can access their private key (or whatever other secure information you're trying to store).
Upvotes: 1
Related Questions
- Doing cryptography on Windows Phone
- Generate AES key in C# for windows store app
- WinRT where store RSA private key
- Windows Phone 8 RSA Encryption
- Windows phone encrypting data using sha256
- Keynotfound exception
- How to store a secret or a private key securely in Silverlight 4?
- Cryptography in Silverlight
- Storing sensitive data in Silverlight
- Silverlight and Encryption, how to store/generate they key/iv pair?