Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a (planned) commercial program that is writing out a usage log. As part of their license, users will be required to submit the log back to the company every few weeks. How can I ensure the file has not been tampered with?
System is being written in C# and Winforms or WPF.
Update: Hmmm… quite surprised that How to make a file tamper proof? is considered an “exact duplicate” of What technique can protect a secret from a fully trusted user? Anyway, the tribe has spoken.
As Ken mentioned, this is the same problem that DRM systems have. They use a variety of techniques to store keys where users won’t (easily) be able to find them. You’d be combining a digital signature scheme with an overly-complex scheme for storing the key. Split it into multiple pieces, scattered over the user’s system – some parts in the registry, some in files on the filesystem, some encoded in the modification dates and filenames of various innocent-looking files. Also, make the DRM subsystem of your code intentionally obscure, and difficult to debug.
Another alternative would be to send signature data to some remote system periodically (if you can depend on having an internet connection).