Databases
StackOverflow2013
Postsdbo
POCould I hide the encryption key of a c# exe securely (in a way that can't be decompiled in any known way), as in C/C++?
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POCould I hide the encryption key of a c# exe securely (in a way that can't be decompiled in any known way), as in C/C++?
    primarykey
    data
    text
    <p>I love c# for programming applications (I consider myself intermediate with c#, and a bit less with C/C++, but am only learning, nothing real yet in the arena), and I used to like it until i discovered "anyone" who understand MSIL (not an easy task to learn neither) could decompile my code. I don’t really care about someone decompiling my code, but my utter concern is the security for my eventual program users. I know obfuscators exist, and I even know of one or two that are really good, I hear (even if they only delay a decompiling).</p> <p>For example, if I want to decrypt something using c#, some where in the code the key should be, making it a danger for anyone who use my program (someone who know someone who encrypted the file using my program could decrypt it by researching on my MSIL code, finding my key). Then, the developing of massive applications that encrypt/decrypt stuff (or OpenSSL) is insane with c#, I think, for this reason.</p> <p>I mean, most users won’t know what language was used to make that exe, but a bunch of people are able to program n c#, and an elite of this people can read MSIL, and a minority of this elite would like to hack what ever is possible to hack. Of those people who like to hack, some of them can do it with perverse intentions (in a value-less world where we live that shouldn’t surprise anyone).</p> <p>So, if I want to make a program that download a file from the internet, someone could interfere the transmission and do some evil, even if I use OpenSSL with c#, because somewhere in the c# file is the key. I know avoiding hacking is probably impossible, but it looks like c# is a very unsecure way.</p> <p>Does it happen with Java? (Java has the same “interpreting” and “decompile” structure as C#); I mean, the fact that the key is visible in Java (with some educated eye) some where in the building file? Or does Java use some C/C++ based API that makes it harder (way harder) to decompile the file where the key is and so making it hard to get the key?</p> <p>Is my only option to write my program with c/c++? Because if so, my only option is C++Builder, since its a hell to even try to watch (and less to learn) MFC/OWL code; I mean: I cant hardly think of someone who could like MFC/OWL programming. In fact, I suppose Assembly could be of more interest in the today programming world.</p> <p>So, here I am, wanting to find someone who could explain me better a way to store securely crypto keys for encrypting/decrypting or to use OpenSSL with c#. Or even with Java. I would like to confirm that C/C++ is the only way of really using these features with some security for decompiling reasons (as other compiled programming languages, i.e. Delphi).</p> <p>If anyone knows a site where I can find precise information about the subtle reasoning I suppose I have done (specially one that shows am wrong in my analysis), please tell me. If any one can confirm my analysis, please confirm. If anyone find any hole in my analysis, again, please tell me, and where to find more information that rule me to get a better understanding of all this.</p> <p>Am sorry for making this philosophical computer programming question that long. </p> <p>Thank you,</p> <p>McNaddy</p>
    singulars
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PTQuestion
    1. This table or related slice is empty.
    1. USMcNaddy
    plurals
    1. PL
      singulars
      1. LTLinked
    1. PL
      singulars
      1. LTLinked
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    2. PO
      singulars
      1. PTAnswer
    3. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POCould I hide the encryption key of a c# exe securely (in a way that can't be decompiled in any known way), as in C/C++?
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. POCould I hide the encryption key of a c# exe securely (in a way that can't be decompiled in any known way), as in C/C++?
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. POCould I hide the encryption key of a c# exe securely (in a way that can't be decompiled in any known way), as in C/C++?
      1. USJun Xie
      1. VTFavorite
    1. CO`in a value-less world where we live` Awww cheer up, we are here to help you out :D
      singulars
      1. POCould I hide the encryption key of a c# exe securely (in a way that can't be decompiled in any known way), as in C/C++?
      1. USAaronLS
    2. COAssuming the files you are downloading from the internet are ones you have produced yourself, see [this question](http://stackoverflow.com/questions/4595537) on safely downloading your own update files. [My answer](http://stackoverflow.com/questions/4595537/verify-authenticode-signature-as-being-from-our-company-for-automatic-updater/4596025#4596025) explains why it may be OK to use self-signing rather than buying a certificate from a signing authority. It's tagged c, but there's no code so that doesn't matter.
      singulars
      1. POCould I hide the encryption key of a c# exe securely (in a way that can't be decompiled in any known way), as in C/C++?
      1. USBrian
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload