保护API密钥在胖客户端应用程序 [英] Protecting API Secret Keys in a Thick Client application

问题描述

在一个应用程序，我有密钥用来计算一个哈希API调用。在.NET应用程序是相当容易使用反射像一个程序从组件拉出来的信息，包括这些键。

Within an application, I've got Secret Keys uses to calculate a hash for an API call. In a .NET application it's fairly easy to use a program like Reflector to pull out information from the assembly to include these keys.

时的混淆装配确保这些键的好办法？

Is obfuscating the assembly a good way of securing these keys?

推荐答案

大概没有。

看密码学和Windows内置的信息隐藏机制（DPAPI和存储在ACL限制的注册表项键，例如）。这是一样好，你会得到你需要保持在同一系统上您的应用程序的安全性。

Look into cryptography and Windows' built-in information-hiding mechanisms (DPAPI and storing the keys in an ACL-restricted registry key, for example). That's as good as you're going to get for security you need to keep on the same system as your application.

如果你正在寻找一种方式来阻止别人从身体让你的信息坐在机器，算了吧。如果有人决心，并有这不是你的控制下的计算机无限制的访问，有没有办法可以肯定100％，该数据在各种情况下的保护。谁是确定有人会得到它，如果他们想。

If you are looking for a way to stop someone physically sitting at the machine from getting your information, forget it. If someone is determined, and has unrestricted access to a computer that is not under your control, there is no way to be 100% certain that the data is protected under all circumstances. Someone who is determined will get at it if they want to.

这篇关于保护API密钥在胖客户端应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！