Comments (3)
Hi there,
In that case I think what you're looking for is outside of the scope of what rustls can provide, or what we can assist with. You're entering into the space of DRM and anti-reverse-engineering, where the threat model considers the user holding the client certificate private key (embedded/distributed with your software) as adversarial. That's not a common model, and in almost every case I think you're better off redesigning your system to avoid it. If you truly can't, you could try asking your question in a general support forum for cryptography/security. Good luck!
from rustls.
Hi @incker,
I'm afraid your question is not very clear to me. Are you talking about a server or a client? The server certificate or a client certificate? Are you sure you don't want to protect a private key and not the certificate? A certificate is normally public data and not at all sensitive. What is your threat model?
from rustls.
OK. The case is, I have a URL and a client certificate for this URL. But it is possible that someone can change the URL and the client certificate in the client binary, and make requests to their own server.
Unfortunately, it is not possible to solve my case in another way (for example, by moving the calculation to the server).
I know that I cannot hide everything on the client with a 100% guarantee. But at least I want to make it harder to receive data from memory/the binary,
and to make it hard to replace data in the binary.
from rustls.