I would like, when running a local program, for this program to be able to check in the current directory for a certificate and only if it finds this certificate to be valid, to give the user access to the rest of its functionalities.

Does it sound far-fetched? Or is this similar to what AIR or iPhone applications do?

What certificate type should I use? What encryption? Would using PGP as a starting point be a good idea?

Update: the idea is to use a certificate for authentication. This replaces a password.

Cheers,

-Chris.

+1  A: 

These things are usually called 'license files' rather than certificates. You're using them to authenticate users instead of a password, but it's the same thing.

You typically build this using a public-key cryptosystem like RSA (as used in PGP). You generate a key pair, and embed the public key in your app. You then write license files for customers, and digitally sign them with the private key. When the app starts, it looks for a license file and validates the signature.

You can implement this in all sorts of ways. A standard way would be to use PKCS#7 as the signed envelope format, RSA or DSA as the asymmetric algorithm, SHA-1 as the hash algorithm, and AES as the symmetric algorithm.

Tom Anderson
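The sign-then-verify flow described in the answer, as an added example (not code from the answer's author). It assumes SHA-256 in place of SHA-1 and a plain "JSON body, newline, hex signature" layout in place of a PKCS#7 envelope; the function names and license fields are hypothetical. The RSA arithmetic and key generation are handwritten only so that the block runs on the standard library; a real product would use a vetted crypto library and ship only the public key.

```python
import hashlib, json, secrets

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _is_prime(n, rounds=20):  # Miller-Rabin, for odd n > 4
    r = ((n - 1) & -(n - 1)).bit_length() - 1  # trailing zero bits of n - 1
    d = (n - 1) >> r
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x != 1 and all(pow(x, 2**i, n) != n - 1 for i in range(r)):
            return False
    return True

def _prime(bits):
    while True:  # force the top two bits and the low bit: full-size and odd
        p = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if _is_prime(p):
            return p

def generate_keypair(bits=2048, e=65537):
    """Vendor side, once. Demo-only keygen; returns ((n, e), (n, d))."""
    while True:
        p, q = _prime(bits // 2), _prime(bits // 2)
        if p != q and ((p - 1) * (q - 1)) % e:
            return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def _encode(body, n):  # EMSA-PKCS1-v1_5 as an integer: 00 01 FF..FF 00 DigestInfo
    t = SHA256_PREFIX + hashlib.sha256(body).digest()
    k = (n.bit_length() + 7) // 8
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def sign_license(fields, private):
    """Vendor side: JSON body, newline, hex RSA signature over the body."""
    n, d = private
    body = json.dumps(fields, sort_keys=True).encode()
    return body + b"\n" + b"%x" % pow(_encode(body, n), d, n)

def verify_license(blob, public):
    """App side: return the license fields, or None if the signature fails."""
    n, e = public
    body, _, sig_hex = blob.rpartition(b"\n")
    try:
        sig = int(sig_hex, 16)
    except ValueError:
        return None
    # Rebuild the expected encoding and compare it whole; never parse the padding.
    if not 0 <= sig < n or pow(sig, e, n) != _encode(body, n):
        return None
    return json.loads(body)
```

The application should treat a `None` result exactly like a missing license file, and read the fields only from the value `verify_license` returns, never from the raw file.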