I was looking for something like “inverted asymmetric cryptography” and came across a great post that actually covers what I need.
I want every user of my application to have a public key that allows them to decrypt the message hidden in the QR code, which was encrypted with my private key. I want to make sure that my system cannot be tricked by a fake QR code covering mine. The accepted answer suggests using digital signature, so I googled a Java tutorial that shows how to use this feature.
There is a slight misunderstanding. I thought that using a digital signature would be a simple situation (let name it Situation A):
- The message is encrypted with a private key.
- User reads encrypted message
- The user uses the public key to decrypt the message.
However, I understand that a digital signature works more like:
- A digital signature is created using the private key and message.
- The user needs the original message and the signature file.
- The user uses a digital signature to verify that the message has not been modified and comes from me.
I'm here? If so, how can I put both of my messages and signature in a QR code? Things seemed pretty easy in the case Situation A, because I could just encode the encrypted message with Base64 and put the result in a QR code. However, it seems like I cannot do the same without using type tricks encode message, encode signature, put them in one file, encode it, put the result in the code. How can i do this?
, " QR-" :
, , QR-, Base-64, . , ; , , , .
, , .