Key Generation Guide – How to Generate Private/Public Keys Securely?

private-key public-key

I'm trying to create a mobile app that will

1) generate transactions

2) send them to my server as a string

3) and my server will relay that transaction to a Smart Contract on the Ethereum network.

I want to encrypt / sign these transactions on the client side (the mobile app) and then decrypt it on the Smart Contract side using a private / public key, so my plan is to hardcode the private key into the mobile app.

If the message is successfully decrypted by the Smart Contract, that should mean that it is a valid transaction coming from an authorized source. If the message decryption fails, that means it's a hacker and nothing will happen.

In this context, how would I generate a private / public key for just that one Smart Contract? Is there a way in Ethereum or can I just make up any rubbish I want? e.g. "abc123"

Best Answer

Everything in a contract is public so it is not a good idea to store the private keys inside a contract to decode messages. A hacker can determine your private key and create fake messages.

It is also not a good idea to have a hardcoded private key in your mobile app. It is possible that a hacker can reverse engineer the app and find your keys.

It is hard to recommend something without more details. Probably I'd create a new private/public key pair on installation, store it in the secure storage of the OS, and register the public key with your contract.

Now your app can sign transactions with its private key and send the signed message to the contract. The contract can use the ecrecover trick to recover the public key of the message signature and verify it is one of those registered in the contract.
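
A sketch of the contract side of the scheme described in the answer, added here as an example and not code from the original post. The contract and function names (`SignedRelay`, `registerSigner`, `submit`) and the signed message layout are assumptions. `ecrecover` returns the signer's address, which is derived from the public key, so the registry stores addresses.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: all names and the message layout are hypothetical.
contract SignedRelay {
    address public immutable owner;
    // Addresses derived from each app install's public key.
    mapping(address => bool) public registered;
    // Per-signer counter so a relayed message cannot be replayed.
    mapping(address => uint256) public nonces;

    // Half the secp256k1 group order; a larger s is a malleable duplicate.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    event Accepted(address indexed signer, uint256 nonce, bytes payload);

    constructor() {
        owner = msg.sender;
    }

    function registerSigner(address signer, bool allowed) external {
        require(msg.sender == owner, "not owner");
        require(signer != address(0), "zero address");
        registered[signer] = allowed;
    }

    // Anyone (for example the relaying server) may call this; authority
    // comes only from the signature, never from msg.sender.
    function submit(
        bytes calldata payload, uint256 nonce, uint8 v, bytes32 r, bytes32 s
    ) external {
        // Bind the signature to this chain, this contract and one nonce.
        bytes32 inner = keccak256(
            abi.encode(block.chainid, address(this), nonce, payload));
        bytes32 digest = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));

        require(v == 27 || v == 28, "bad v");
        require(uint256(s) <= HALF_N, "malleable s");
        address signer = ecrecover(digest, v, r, s);
        // ecrecover returns address(0) on failure instead of reverting.
        require(signer != address(0), "invalid signature");
        require(registered[signer], "unregistered signer");
        require(nonce == nonces[signer], "bad nonce");
        nonces[signer] = nonce + 1;
        emit Accepted(signer, nonce, payload);
    }
}
```

No secret is stored on-chain: the contract holds only signer addresses, and the relaying server cannot alter a payload without invalidating the signature.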