加密和安全的 docker 容器 [英] Encrypted and secure docker containers
问题描述
我们都知道无法开源和自由分发软件的情况 - 而我就是其中一种情况.
We all know situations when you cannot go open source and freely distribute software - and I am in one of these situations.
我有一个应用程序,它由许多二进制文件(从 C 源代码编译)和将它们全部包装到系统中的 Python 代码组成.这个应用曾经是一个云解决方案,所以用户可以通过网络访问应用功能,但没有机会接触存储二进制文件和代码的实际服务器.
I have an app that consists of a number of binaries (compiled from C sources) and python code that wraps it all into a system. This app used to work as a cloud solution so users had access to app functions via network but no chance to touch the actual server where binaries and code are stored.
现在我们要提供系统的本地"版本.该应用程序将在我们的用户实际拥有的 PC 上运行.我们知道一切都可能被破坏,但至少希望尽可能保护应用免受可能的复制和逆向工程.
Now we want to deliver the "local" version of our system. The app will be running on PCs that our users will physically own. We know that everything could be broken, but at least want to protect the app from possible copying and reverse-engineering as much as possible.
我知道 docker 是一种很棒的部署工具,所以我想知道:是否可以创建加密的 docker 容器,而没有人可以看到容器文件系统中存储的任何数据?这个问题有已知的解决方案吗?
I know that docker is a wonderful deployment tool so I wonder: it is possible to create encrypted docker containers where no one can see any data stored in the container's filesystem? Is there a known solution to this problem?
另外,也许有一些众所周知的解决方案不是基于 docker 的?
Also, maybe there are well known solutions not based on docker?
推荐答案
你问的是什么叫混淆.它与 Docker 无关,是一个非常特定于语言的问题;对于数据,您可以随时进行任何您想做的修改,但是虽然您可以希望阻止攻击者,但它永远不会安全.即使是最先进的加密方案也无济于事,因为(您提供的)程序必须包含密钥.
What you are asking about is called obfuscation. It has nothing to do with Docker and is a very language-specific problem; for data you can always do whatever mangling you want, but while you can hope to discourage the attacker it will never be secure. Even state-of-the-art encryption schemes can't help since the program (which you provide) has to contain the key.
C 通常很难进行逆向工程,对于 Python,您可以尝试 pyobfuscate 和 类似.
C is usually hard enough to reverse engineer, for Python you can try pyobfuscate and similar.
For data, I found this question (keywords: encrypting files game).
这篇关于加密和安全的 docker 容器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
