Public key generation

[Amit_Saini]

Hello All,

First of all thanks for making this awesome product. Its of great help to us.

We are building a player application for DCP(including encrypted). One of the potential customer is asking us to share public key(certificate) of our player so that he can generate KDM. We are not sure if this certificate needs to be unique for all our player instances or would it be unique for each of our player instance . We will then accordingly define policy to generate public-private pair for each machine or just once for our application.
Please confirm the right strategy to be used here.

Regards
Amit

[carl]

You should make the public key unique for each player instance. Otherwise a KDM made for a DCP will work on any copy of your program, which probably isn't what you want.

[Amit_Saini]

Thanks Carl. This makes sense.
Can you direct me to open source code which we can use to generate public_private key. This will be then needed to be embedded within our application. By the way do we need an intermediate info for certificate chain. Moreover is it possible to link public key with MacId or some hardware property. Sorry for asking so many queries in a shot go.
Thanks in advance
Amit

[carl]

certificate_chain.cc in my libdcp library creates certificate chains. Although this is GPL code so you cannot use it unless your project is licensed under the GPL.

Off the top of my head I can't think of a way to link public key to a hardware property. I don't think it would be desirable, as the keys should be random.

Wolfgang Woehl also has a lot of information on line.