在C ++中隐藏加密密钥的跨平台方式?

时间:2021-12-22 12:10:25

My application needs to use a couple of hard-coded symmetric cryptographic keys (while I know that storing a public key would be the only perfect solution, this is non-negotiable). We want the keys to be stored obfuscated, so that they won't be recognizable by analyzing the executable, and be "live" in memory for as little time as possible - as to increase the difficulty of a memory dump retrieving them in clear-text. I'm interested in using C++ features (using some sort of scoped_key comes to mind). The solution must be portable - Windows, Linux, MacOS -, so it cannot take advantage of the operating system crypto API.

我的应用程序需要使用几个硬编码的对称加密密钥(虽然我知道存储公钥是唯一完美的解决方案,这是不可协商的)。我们希望将密钥存储为模糊处理,以便通过分析可执行文件来识别它们,并在尽可能短的时间内在内存中“活动” - 以增加内存转储在清除时检索它们的难度。文本。我对使用C ++功能感兴趣(想到使用某种scoped_key)。该解决方案必须是可移植的 - Windows,Linux,MacOS - 因此它无法利用操作系统加密API。

How would you go about designing such a system? Thanks a lot.

你会如何设计这样一个系统?非常感谢。

6 个解决方案

#1


your scoped_key can be simply a KeyHolder object on the stack. Its constructor takes the obfuscated buffer and makes a real key out of it and its destructor zeros out the memory and deallocates the memory.

你的scoped_key可以只是堆栈上的KeyHolder对象。它的构造函数接受混淆的缓冲区并从中生成一个真正的密钥,它的析构函数将内存清零并释放内存。

As for how to actually obfuscate the key in the binary, One silly choice you might try is put inside a much larger random binary block and remember its offset and size and probably XOR it with some short random sequence.

至于如何在二进制文件中实际模糊密钥,你可能尝试的一个愚蠢的选择是放在一个更大的随机二进制块中并记住它的偏移量和大小,并且可能用一些短随机序列对其进行异或。

If you do the XORing thing you can actually avoid ever having the real key in memory. simply modify the decryption to read a byte from the key and before using it, to XOR it with the appropriate value.

如果您执行XORing操作,您实际上可以避免在内存中使用真正的密钥。只需修改解密以从密钥中读取一个字节,然后在使用它之前,使用适当的值对其进行异或。

*Add here disclaimer on how foolish security through obscurity is*

*在这里加上关于通过默默无闻是多么愚蠢的安全性的免责声明*

#2


All you're going for here is security through obscurity. If you have one of us come up with an idea, you won't even have that.

你所要求的就是通过默默无闻的安全。如果你让我们中的一个想出一个想法,你甚至都没有。

John Skeet has a good article on this too.

John Skeet也有一篇很好的文章。

Do something random is all I can say.

我可以说,做一些随意的事情。

#3


Have you considered if this is actually the weak point in your program? Let's assume for the sake of argument that you're doing a license check - though other checks apply equally well. No matter how well hidden your key, and how well obfuscated your algorithm, at some point you have to do something like this:

您是否考虑过这实际上是您计划中的弱点?让我们假设您正在进行许可证检查 - 尽管其他检查同样适用。无论你的密钥隐藏得多好,以及你的算法如何混淆,在某些时候你必须做这样的事情:

if(!passesCheck()) {
  exit(1); 
}

Your potential adversary doesn't have to find the key, decrypt it, figure out the algorithm, or anything else. All they have to do is find the location in the code where you determine if the check succeeded, and replace the 'jnz' instruction with a 'jmp' to make the test pass unconditionally.

您的潜在对手无需找到密钥,解密密钥,找出算法或其他任何东西。他们所要做的就是在代码中找到确定检查是否成功的位置,并将'jnz'指令替换为'jmp'以使测试无条件地通过。

#4


You should look into Tamper Resistance software, such as Cloakware and Arxan.

您应该查看Tamper Resistance软件,例如Cloakware和Arxan。

TR is NOT cheap :)

TR不便宜:)

#5


If you do not take advantage of whatever platform you will run on, you cannot guarantee that you can effectively hide a symmetric cryptographic key in your program. You can assume that an attacker will have a debugger and will eventually figure out how to set a breakpoint in the function that has to use the key to decrypt. Then it's game over.

如果您没有利用您将运行的任何平台,则无法保证您可以在程序中有效地隐藏对称加密密钥。您可以假设攻击者将拥有一个调试器,并最终将弄清楚如何在必须使用密钥解密的函数中设置断点。然后它的游戏结束了。

#6


Why not look at steganography, as you can hide the key in an image. It is possible to find the key, but if the image doesn't follow an obvious pattern (such as an image of space would) then it may be harder. This can be cross-platform.

为什么不看隐写术,因为你可以隐藏图像中的键。可以找到密钥,但如果图像不遵循明显的图案(例如空间图像),则可能更难。这可以是跨平台的。

#1


your scoped_key can be simply a KeyHolder object on the stack. Its constructor takes the obfuscated buffer and makes a real key out of it and its destructor zeros out the memory and deallocates the memory.

你的scoped_key可以只是堆栈上的KeyHolder对象。它的构造函数接受混淆的缓冲区并从中生成一个真正的密钥,它的析构函数将内存清零并释放内存。

As for how to actually obfuscate the key in the binary, One silly choice you might try is put inside a much larger random binary block and remember its offset and size and probably XOR it with some short random sequence.

至于如何在二进制文件中实际模糊密钥,你可能尝试的一个愚蠢的选择是放在一个更大的随机二进制块中并记住它的偏移量和大小,并且可能用一些短随机序列对其进行异或。

If you do the XORing thing you can actually avoid ever having the real key in memory. simply modify the decryption to read a byte from the key and before using it, to XOR it with the appropriate value.

如果您执行XORing操作,您实际上可以避免在内存中使用真正的密钥。只需修改解密以从密钥中读取一个字节,然后在使用它之前,使用适当的值对其进行异或。

*Add here disclaimer on how foolish security through obscurity is*

*在这里加上关于通过默默无闻是多么愚蠢的安全性的免责声明*

#2


All you're going for here is security through obscurity. If you have one of us come up with an idea, you won't even have that.

你所要求的就是通过默默无闻的安全。如果你让我们中的一个想出一个想法,你甚至都没有。

John Skeet has a good article on this too.

John Skeet也有一篇很好的文章。

Do something random is all I can say.

我可以说,做一些随意的事情。

#3


Have you considered if this is actually the weak point in your program? Let's assume for the sake of argument that you're doing a license check - though other checks apply equally well. No matter how well hidden your key, and how well obfuscated your algorithm, at some point you have to do something like this:

您是否考虑过这实际上是您计划中的弱点?让我们假设您正在进行许可证检查 - 尽管其他检查同样适用。无论你的密钥隐藏得多好,以及你的算法如何混淆,在某些时候你必须做这样的事情:

if(!passesCheck()) {
  exit(1); 
}

Your potential adversary doesn't have to find the key, decrypt it, figure out the algorithm, or anything else. All they have to do is find the location in the code where you determine if the check succeeded, and replace the 'jnz' instruction with a 'jmp' to make the test pass unconditionally.

您的潜在对手无需找到密钥,解密密钥,找出算法或其他任何东西。他们所要做的就是在代码中找到确定检查是否成功的位置,并将'jnz'指令替换为'jmp'以使测试无条件地通过。

#4


You should look into Tamper Resistance software, such as Cloakware and Arxan.

您应该查看Tamper Resistance软件,例如Cloakware和Arxan。

TR is NOT cheap :)

TR不便宜:)

#5


If you do not take advantage of whatever platform you will run on, you cannot guarantee that you can effectively hide a symmetric cryptographic key in your program. You can assume that an attacker will have a debugger and will eventually figure out how to set a breakpoint in the function that has to use the key to decrypt. Then it's game over.

如果您没有利用您将运行的任何平台,则无法保证您可以在程序中有效地隐藏对称加密密钥。您可以假设攻击者将拥有一个调试器,并最终将弄清楚如何在必须使用密钥解密的函数中设置断点。然后它的游戏结束了。

#6


Why not look at steganography, as you can hide the key in an image. It is possible to find the key, but if the image doesn't follow an obvious pattern (such as an image of space would) then it may be harder. This can be cross-platform.

为什么不看隐写术,因为你可以隐藏图像中的键。可以找到密钥,但如果图像不遵循明显的图案(例如空间图像),则可能更难。这可以是跨平台的。