I am developing a C# app that can NOT connect to the internet.

This app will produce a configuration file for my hardware.

what i want to be sure, is that when i give the configuration file to my assistant he doesn’t change it and puts in the hardware a file with different configuration.

To avoid this i am currently using a simple method.

1. In the code i’ve a key: abcd123

2. My application produce a configuration file and then:

3. HASH the configuration file and encrypts the HASH with the KEY: abcd123 stored in the
   string variable KEY

4. give the configuration file to my assistant who loads it in the hardware

now, the hardware has the KEY abcd123, it decrypts the config and HASH the payload. IF the 2 HASH are THE SAME i assume that my assistant did not change the configuration file.

What i am concerned about is that the KEY store in the code in .NET is very easy to recover without obfuscation.

I’ve thus bought Crypto Obfuscator, but i don’t know how much my key is secure.

I am not skilled enough to de-compile my program and see if the key is still in clear or not.

What methods can you suggest me to make me REASONABLY secure that my key is “safe” ?

I understand that a there is no way to secure it, but i just want a reasonable additional security to my automated obfuscation of which i dont know much.

I hope i’ve been clear but ask for clarification.