[.net] Is it possible to hide encryption keys in .Net cheaply?

7 comments, last by ernow 19 years, 6 months ago
Is it possible to hide encryption keys in .Net code without spending a fortune on an obfuscator?
Obfuscator won't hide encryption keys. It might delay obtaining them, but otherwise...

In time the project grows, the ignorance of its devs it shows, with many a convoluted function, it plunges into deep compunction, the price of failure is high, Washu's mirth is nigh.

Well, at least it will be better than directly reading them from files with notepad. But an obfuscator is not an option for me, all are sooooooo expensive.
If you have VS.NET 2003 it comes with Dotfuscator Community Edition. Look in the 'Tools' menu.
"Voilà! In view, a humble vaudevillian veteran, cast vicariously as both victim and villain by the vicissitudes of Fate. This visage, no mere veneer of vanity, is a vestige of the vox populi, now vacant, vanished. However, this valorous visitation of a bygone vexation stands vivified, and has vowed to vanquish these venal and virulent vermin vanguarding vice and vouchsafing the violently vicious and voracious violation of volition. The only verdict is vengeance; a vendetta held as a votive, not in vain, for the value and veracity of such shall one day vindicate the vigilant and the virtuous. Verily, this vichyssoise of verbiage veers most verbose, so let me simply add that it's my very good honor to meet you and you may call me V.".....V
Quote: Original post by joanusdmentia
If you have VS.NET 2003 it comes with Dotfuscator Community Edition. Look in the 'Tools' menu.


It doesn't encrypt the strings
This depends on what you're trying to foil. If you just need to prevent people reading your encryption key with notepad, then you can always store the key in an altered form. I'm going to assume that this program is run on a computer your "attacker" has full access to (otherwise I think this problem becomes trivial; there should be no threat if your program is held and executed securely). You are, however, always going to run up against one basic problem that no amount of fancy coding will protect you from. In the end, the program needs to have in its usable memory your unobscured encryption key. Even if you hold an obscured version in memory and adapt your algorithm to use that, all you've done is complicate the algorithm and substitute one key for another (and if you always manipulate your key in a particular way before you use it, then that will probably get picked up if someone goes to work on your algorithm). In the end your user will have to have the key on their computer, and if they want it enough, you can't stop them without incorporating a computer they can't control into the process. Having said this, a decently complicated process will in practice stop people unless they have a good enough reason to want the key.
Use asymmetric encryption.
You mean like encrypt your encryption key so you can embed it in your assembly? But then that key will have to be in your assembly too. So you could encrypt that one, but then that key will have to be in your assembly too. So you could encrypt that one, but ...

So let's just forget about that being secure.

To just obfuscate your string, use a simple bit shift like rot or some such. Try:

// UNTESTED, may require casting etc.
public static string Hider(string input, int shift, int cap)
{
    char[] inc = input.ToCharArray();
    char[] outc = new char[inc.Length];
    for (int i = 0; i < inc.Length; i++)
    {
        // Shift each character and wrap into [0, cap); the extra "+ cap"
        // keeps the result non-negative when shift is negative.
        outc[i] = (char)(((inc[i] + shift) % cap + cap) % cap);
    }
    return new String(outc);
}

string hidden = Hider("somekey", 13, 255);
string unhidden = Hider(hidden, -13, 255);


Any character by character modification that you can reverse will work, but you may have to manually run it on your strings and then paste them in your code to get the constants in your assembly hidden.

Hope something here helps you.
The best place to store a key is in the local certificate store or in the memory of the PC. That's the place to store a key safely. Not in a file!

The real problem however, is sending it to the server.

That's where public/private keys prove their use. Put a public key in/with the assembly and let it contact a server. The client creates/generates a symmetric key at runtime and encrypts it with the public key. The server then uses the private key to decrypt the symmetric key and there you are! The trick is then to generate a new symmetric key as often as you need or want to, because these keys can be hacked in the end.

This way you don't need to hide anything!

Cheers
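
The exchange described in the post above, sketched as an added example that is not part of the original thread. It assumes .NET 8 or later; the names HybridDemo, ClientSeal and ServerOpen, the RSA-OAEP and AES-GCM choices, and the in-process "server" with a freshly generated demo key pair are assumptions for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class HybridDemo
{
    // Client side: only the server's PUBLIC key ships with the assembly.
    static (byte[] wrappedKey, byte[] nonce, byte[] tag, byte[] cipher)
        ClientSeal(byte[] serverPublicKey, string message)
    {
        byte[] sessionKey = RandomNumberGenerator.GetBytes(32); // fresh AES-256 key per session
        using RSA rsa = RSA.Create();
        rsa.ImportSubjectPublicKeyInfo(serverPublicKey, out _);
        byte[] wrappedKey = rsa.Encrypt(sessionKey, RSAEncryptionPadding.OaepSHA256);

        byte[] plain = Encoding.UTF8.GetBytes(message);
        byte[] nonce = RandomNumberGenerator.GetBytes(12);      // never reuse with the same key
        byte[] tag = new byte[16];
        byte[] cipher = new byte[plain.Length];
        using var aes = new AesGcm(sessionKey, 16);
        aes.Encrypt(nonce, plain, cipher, tag);
        CryptographicOperations.ZeroMemory(sessionKey);         // shorten the key's lifetime in memory
        return (wrappedKey, nonce, tag, cipher);
    }

    // Server side: the private key never leaves the server.
    static string ServerOpen(RSA serverPrivateKey, byte[] wrappedKey,
                             byte[] nonce, byte[] tag, byte[] cipher)
    {
        byte[] sessionKey = serverPrivateKey.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);
        byte[] plain = new byte[cipher.Length];
        using var aes = new AesGcm(sessionKey, 16);
        aes.Decrypt(nonce, cipher, tag, plain);                 // throws if the message was tampered with
        return Encoding.UTF8.GetString(plain);
    }

    static void Main()
    {
        using RSA serverKey = RSA.Create(3072);                 // constructed demo key pair
        byte[] publicKey = serverKey.ExportSubjectPublicKeyInfo();
        var msg = ClientSeal(publicKey, "constructed sample payload");
        Console.WriteLine(ServerOpen(serverKey, msg.wrappedKey, msg.nonce, msg.tag, msg.cipher));
    }
}
```

Nothing secret is embedded in the client here, but the session key still exists in client memory while in use, which is the limit pointed out earlier in the thread. The sketch also does not authenticate the client to the server.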

This topic is closed to new replies.
