我可以安全地隐藏c#exe的加密密钥(以不能以任何已知方式反编译的方式),如C / C ++中那样? [英] Could I hide the encryption key of a c# exe securely (in a way that can't be decompiled in any known way), as in C/C++?
问题描述
例如,如果我想要解密一些使用c#的东西,一些密钥应该在代码中,使任何使用我的程序的人成为危险(有人知道使用我的程序加密文件的人可以通过研究我的MSIL代码来解密它,找到我的钥匙)。那么,加密/解密(或OpenSSL)的大规模应用程序的开发是疯狂的,因为这个原因,我认为, b
$ b
我的意思是说,不知道用什么语言来做这个exe,但是一大堆人能够编程nc#,而这个人的精英们可以读MSIL,而这个精英的一小部分想要破解有可能被黑客攻击的东西。在那些喜欢黑客的人中,有些人可以用不正当的意图(在一个无价值的世界,我们的生活不应该让任何人惊讶)。
所以,如果我想制作一个从互联网下载文件的程序,有人可能会干扰传输,做一些恶意,即使我使用OpenSSL与c#,因为c#文件中的某个地方是关键。我知道避免黑客可能是不可能的,但它看起来像c#是一个非常不安全的方式。
它是否发生在Java? (Java具有与C#相同的解释和反编译结构);我的意思是,关键是在Java(有一些教育的眼睛)可见的一些在建筑文件的哪里?或者Java使用一些基于C / C ++的API,使得更难(更难)反编译密钥所在的文件,从而难以获得密钥?
我唯一的选择是用c / c ++写我的程序吗?因为如果是这样,我唯一的选择是C ++ Builder,因为它甚至尝试观看(而不是学习)MFC / OWL代码;我的意思是:我不会想到有人会喜欢MFC / OWL编程。事实上,我想大会可能对今天的节目制作世界更感兴趣。
所以,在这里,我想找一个能够更好地解释我的方法存储用于加密/解密的安全加密密钥或使用带c#的OpenSSL。甚至用Java。我想确认C / C ++是真正使用这些功能的唯一方法,具有一些安全性用于反编译原因(作为其他编译编程语言,即Delphi)。
如果任何人知道一个网站,我可以找到关于我所做的微妙推理的精确信息(特别是在我的分析中显示错误的),请告诉我。如果有人可以确认我的分析,请确认。如果有人在我的分析中找到任何洞,请告诉我,以及在哪里可以找到更多的信息,让我更好地了解所有这些。
对不起使这个哲学的计算机编程问题很长。
谢谢,
McNaddy
我可以安全地隐藏ac#exe的加密密钥(以任何已知方式无法反编译的方式),如C / C ++? / p>
否。你不能用任何语言做到这一点。
.NET安全系统旨在从恶意代码保护良性用户。您正在尝试从恶意用户中保护良性代码。你根本不能这样做,所以不要试试。如果您有秘密,请勿与任何人共享。
加密的目的是利用一些私人的秘密键入文本的秘密。如果这不是你面临的安全问题,加密是错误的工具。 解释您实际遇到的安全问题,有人可以帮助您解决问题。
I love c# for programming applications (I consider myself intermediate with c#, and a bit less with C/C++, but am only learning, nothing real yet in the arena), and I used to like it until i discovered "anyone" who understand MSIL (not an easy task to learn neither) could decompile my code. I don’t really care about someone decompiling my code, but my utter concern is the security for my eventual program users. I know obfuscators exist, and I even know of one or two that are really good, I hear (even if they only delay a decompiling).
For example, if I want to decrypt something using c#, some where in the code the key should be, making it a danger for anyone who use my program (someone who know someone who encrypted the file using my program could decrypt it by researching on my MSIL code, finding my key). Then, the developing of massive applications that encrypt/decrypt stuff (or OpenSSL) is insane with c#, I think, for this reason.
I mean, most users won’t know what language was used to make that exe, but a bunch of people are able to program n c#, and an elite of this people can read MSIL, and a minority of this elite would like to hack what ever is possible to hack. Of those people who like to hack, some of them can do it with perverse intentions (in a value-less world where we live that shouldn’t surprise anyone).
So, if I want to make a program that download a file from the internet, someone could interfere the transmission and do some evil, even if I use OpenSSL with c#, because somewhere in the c# file is the key. I know avoiding hacking is probably impossible, but it looks like c# is a very unsecure way.
Does it happen with Java? (Java has the same "interpreting" and "decompile" structure as C#); I mean, the fact that the key is visible in Java (with some educated eye) some where in the building file? Or does Java use some C/C++ based API that makes it harder (way harder) to decompile the file where the key is and so making it hard to get the key?
Is my only option to write my program with c/c++? Because if so, my only option is C++Builder, since its a hell to even try to watch (and less to learn) MFC/OWL code; I mean: I cant hardly think of someone who could like MFC/OWL programming. In fact, I suppose Assembly could be of more interest in the today programming world.
So, here I am, wanting to find someone who could explain me better a way to store securely crypto keys for encrypting/decrypting or to use OpenSSL with c#. Or even with Java. I would like to confirm that C/C++ is the only way of really using these features with some security for decompiling reasons (as other compiled programming languages, i.e. Delphi).
If anyone knows a site where I can find precise information about the subtle reasoning I suppose I have done (specially one that shows am wrong in my analysis), please tell me. If any one can confirm my analysis, please confirm. If anyone find any hole in my analysis, again, please tell me, and where to find more information that rule me to get a better understanding of all this.
Am sorry for making this philosophical computer programming question that long.
Thank you,
McNaddy
Could I hide the encryption key of a c# exe securely (in a way that can't be decompiled in any known way), as in C/C++?
No. You can't do that in any language.
The .NET security system is designed to protect benign users from hostile code. You are trying to protect benign code from hostile users. You simply cannot do that, so don't even try. If you have a secret, do not share it with anyone.
The purpose of crypto is to leverage the secrecy of some private key into the secrecy of a text. If that is not the security problem you face, crypto is the wrong tool. Explain the security problem you actually have and someone here can help you solve it.
这篇关于我可以安全地隐藏c#exe的加密密钥(以不能以任何已知方式反编译的方式),如C / C ++中那样?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
