如何存储在应用程序的二进制秘密API密钥? [英] How to store a secret API key in an application's binary?
问题描述
我创建的Mac OS X上的Twitter客户端,我有一个秘密的消费者。这是我的理解,我不应该分享这个秘密键。问题是,当我把它作为一个字符串到我的应用程序,并使用它,就像这样:
I am creating a Twitter client for Mac OS X and I have a Consumer secret. It's to my understanding I should not share this secret key. The problem is that when I put it as a string literal into my application and use it, like this:
#define QQTwitterConsumerSecret @"MYSECRETYOUMAYNOTKNOW"
[[QQTwitterEngine alloc] initWithConsumerKey:QQTwitterConsumerKey consumerSecret:QQTwitterConsumerSecret];
这是我的应用程序的二进制的数据部分。黑客可以阅读,拆卸程序,等等。
It is in the data section of my application's binary. Hackers can read this, disassemble the application, etcetera.
有存储消费者的秘密任何安全的方式?我要加密呢?
Is there any safe way of storing the Consumer secret? Should I encrypt it?
推荐答案
有没有真正的完美的解决方案。不管你做什么,有人专门给它就能偷。
There is no real perfect solution. No matter what you do, someone dedicated to it will be able to steal it.
即使Twitter的iPhone / iPad的/ Android的/ MAC /等。已经有一个密钥,他们可能只是掩盖它在某种程度上。
Even Twitter for iPhone/iPad/Android/mac/etc. has a secret key in there, they've likely just obscured it somehow.
例如,你可以把它分解成不同的文件或字符串,等等。
For example, you could break it up into different files or strings, etc.
请注意:使用十六进制编辑器可以在二进制,这是最简单的方法读取ASCII字符串。通过将其分成不同的部分,或使用函数调用来创建密钥通常工作,使这一进程变得更加困难。
Note: Using a hex editor you can read ascii strings in a binary, which is the easiest way. By breaking it up into different pieces or using function calls to create the secret key usually works to make that process more difficult.
这篇关于如何存储在应用程序的二进制秘密API密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!