Encryption without a classic exchange scenario

Çağlar Arlı

I am working on a project where I need to securely encrypt and decrypt files on a product without the ability for direct communication or key derivation after the product is sold. The challenge is that I can only store encrypted data on the product without any means to communicate with it post-sale. I've explored using private-public key encryption, but as this is not a classical exchange scenario, I'm seeking advice on alternative methods. Any suggestions for secure encryption and decryption on a product without post-sale communication would be greatly appreciated. Thank you!

Edit for more insight: Our objective is to establish the authenticity of our data, particularly when encrypting license keys and securing encoded commands. Before transmitting sensitive information, such as license keys, we employ digital signatures using our private asymmetric key. This signature acts as a unique identifier, verifying that the data originated from us. When recipients receive the data, they can verify its authenticity using our public key. This process ensures that only our software, possessing the corresponding public key, can decrypt and validate the license keys or execute secured commands. By employing digital signatures, we prevent unauthorized parties from forging data or executing unauthorized commands, thereby enhancing trust and security in our software.

For now we are using deprecated OpenSSL functions that allow private-key RSA encryption (`RSA_private_encrypt`) and public-key RSA decryption (`RSA_public_decrypt`). We generate a symmetric key, encrypt it with the private RSA key, and then use that symmetric key to encrypt the data. On the hardware we store only the encrypted symmetric key and the encrypted data, along with the public RSA key. I'm not sure if this is 100% effective for our purpose, but I needed to get rid of these deprecated functions and no other open-source crypto library offers them. That is why I decided to look for better ways.
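
What the layout described in the post provides, shown as an added example (not code from the post or from OpenSSL): private-key "encryption" is the RSA signing operation with PKCS#1 v1.5 type 1 padding, so whoever can read the stored public key can recover the symmetric key, while a blob that was not produced with the private key fails the padding check. The modulus is a constructed toy value built from two Mersenne primes, and `private_encrypt` / `public_decrypt` are hypothetical stand-ins for the deprecated calls.

```python
# Added illustration. Toy parameters constructed for this example only.
# Vendor keeps D; the device stores (N, E) and the wrapped symmetric key.
P, Q = 2**127 - 1, 2**89 - 1            # known Mersenne primes, far too small for real use
N, E = P * Q, 65537                     # public key, stored on the device
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, never leaves the vendor
K_LEN = (N.bit_length() + 7) // 8       # modulus length in bytes (27 here)


def private_encrypt(data: bytes) -> bytes:
    """Vendor side: PKCS#1 v1.5 block type 1 padding, then m^d mod n."""
    pad_len = K_LEN - 3 - len(data)
    if pad_len < 8:
        raise ValueError("data too long for this modulus")
    em = b"\x00\x01" + b"\xff" * pad_len + b"\x00" + data
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K_LEN, "big")


def public_decrypt(blob: bytes) -> bytes:
    """Anyone holding (N, E): c^e mod n, then verify the type 1 padding."""
    c = int.from_bytes(blob, "big")
    if len(blob) != K_LEN or c >= N:
        raise ValueError("blob out of range")
    em = pow(c, E, N).to_bytes(K_LEN, "big")
    sep = em.find(b"\x00", 2)           # separator between padding and data
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("padding check failed: not made with the private key")
    return em[sep + 1:]


def is_authentic(blob: bytes) -> bool:
    """Device-side check: True only if the blob passes the padding check."""
    try:
        public_decrypt(blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    sym_key = bytes(range(16))                      # constructed sample key
    wrapped = private_encrypt(sym_key)              # what ships on the device
    # Recovery needs only the public key: authenticity, not confidentiality.
    print("recovered with public key:", public_decrypt(wrapped) == sym_key)
    forged = wrapped[:-1] + bytes([wrapped[-1] ^ 1])
    print("forged blob accepted:", is_authentic(forged))
```

Current OpenSSL exposes the same operation through the signing interface (`EVP_PKEY_sign` and `EVP_PKEY_verify_recover`), which matches what it actually guarantees.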