Public / Private Key Encryption

In relation to the on-going discussion on piracy prevention methods and server activation, I was having a quick play around with public / private key encryption. Just experimenting right now, but I may end up creating activation code for my software that communicates with my PHP based site.

I’ve looked into openssl on my server and can create code that encrypts / decrypts using public and private keys no problem. I’m using the PHP commands ‘openssl_public_encrypt’ and ‘openssl_private_decrypt’ and have generated public and private keys using the openssl ‘genrsa’ command.

Anyone have any idea how to encrypt a string using the public RSA key and Xojo that can be decrypted using ‘openssl_private_decrypt’ in PHP? I have a full MBS license which has an OpenSSL plugin, but I can’t seem to get it to work. Maybe I’m taking completely the wrong approach?

Sorry if it’s obvious, I have a stinking head cold and am on pain killers for a shoulder injury, so I’m really not thinking straight right now!

Any help greatly appreciated.

You’re doing it backwards. Giving out your private key is a very, very bad idea. It should stay on your server.

So, the typical solution is to take a bit of data, sign it using your private key, and verify the signature with the public key.

Hi Thom, that is what I plan to do. The server will have the Private key and the app will have the Public key. I’m just messing around at the moment. I only used openssl_public_encrypt in PHP to create something to test the decryption using openssl_private_decrypt.

What I can’t seem to work out is how to create something in Xojo that will encrypt using my public key that can be decrypted using openssl_public_encrypt in PHP on my server.

I don’t have any specific implementation tips, I was just pointing out a potential usage problem.