Advise on hiding "Key" used for AES256 encryption

ertank · 2016-03-19 18:58:33

Hi,

We all know that constants and strings written directly in source code are also directly written in compiled EXE files. So, someone trying to hack the key may go in assembly code, see some strings there & may search EXE file with a hex editor and also might extract my fixed string for reversing crypt text.

I wonder if there are some easy ways to "hide" my key used for AES256 encryption in compiled EXE file.

Thanks.

--Ertan

ab · 2016-03-21 07:38:42

It would be just the same as with any private key.
Once the key is shared, it should be kept private...

What you can do is put the key in a file, or ask for it at the first connection, then store it locally.
Then, the .exe won't contain the private key.

Usually, we put the keys in the settings file, encoded as BASE-64 with a simple encryption - via the TSynPersistentWithPassword class.

mORMot Open Source

#1 2016-03-19 18:58:33

Advise on hiding "Key" used for AES256 encryption

#2 2016-03-21 07:38:42

Re: Advise on hiding "Key" used for AES256 encryption

Board footer