How to: Build secure desktop applications: Difference between revisions

Desktop application design has some security concerns. As a best-practice security design, this type of applications should not store the private key (and maybe not even the shared key) of the api in the application distributable. This includes direct harcoding of the keys in the source code or any other form of encryption.

The recommended design is the use of a gatekeeper as a service for the application. This gatekeeper stores the application shared and private key and provides required user authorizations to the application.