#1 2016-03-19 18:58:33

ertank
Member
Registered: 2016-03-16
Posts: 168

Advise on hiding "Key" used for AES256 encryption

Hi,

We all know that constants and strings written directly in source code are also directly written in compiled EXE files. So, someone trying to hack the key may go in assembly code, see some strings there & may search EXE file with a hex editor and also might extract my fixed string for reversing crypt text.

I wonder if there are some easy ways to "hide" my key used for AES256 encryption in compiled EXE file.

Thanks.

--Ertan

Offline

#2 2016-03-21 07:38:42

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,666
Website

Re: Advise on hiding "Key" used for AES256 encryption

It would be just the same as with any private key.
Once the key is shared, it should be kept private...

What you can do is put the key in a file, or ask for it at the first connection, then store it locally.
Then, the .exe won't contain the private key.

Usually, we put the keys in the settings file, encoded as BASE-64 with a simple encryption - via the TSynPersistentWithPassword class.

Offline

Board footer

Powered by FluxBB