Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Cross-platform way of hiding cryptographic keys in C++?

My application needs to use a couple of hard-coded symmetric cryptographic keys (while I know that storing a public key would be the only perfect solution, this is non-negotiable). We want the keys to be stored obfuscated, so that they won't be recognizable by analyzing the executable, and be "live" in memory for as little time as possible - as to increase the difficulty of a memory dump retrieving them in clear-text. I'm interested in using C++ features (using some sort of scoped_key comes to mind). The solution must be portable - Windows, Linux, MacOS -, so it cannot take advantage of the operating system crypto API.

How would you go about designing such a system? Thanks a lot.

like image 320
Pedro d'Aquino Avatar asked Dec 30 '22 19:12

Pedro d'Aquino


1 Answers

All you're going for here is security through obscurity. If you have one of us come up with an idea, you won't even have that.

John Skeet has a good article on this too.

Do something random is all I can say.

like image 71
Spencer Ruport Avatar answered Jan 14 '23 02:01

Spencer Ruport