my application requires public , private keypair combo in order create signed urls access our assets cloudfront. issue having how protect keypair unauthorized user not download keypair themselves, , generate signed urls without our permission.
i considered encrypting keypair, seems no good, encryption key have stored in client side code, visible in javascript. cannot think of other way protect keypair able use chrome dev tools.
does know of way can protect keypair without having store secret key in client side code? have considered code obfuscation, technique seems easy work around. looking find out if else possible.
thank you.
you don't need protect public key because it's public.
you'll need sign urls on server, not in browser.
the secure way protect private key hardware security module, they're not cheap.
the next best way protect access controls on server.
Comments
Post a Comment