Home/ Questions/Q 351371
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T11:38:15+00:00

I have a Qt application written in C++ that uses a SSL-connection (QSslSocket) with

  • 0

I have a Qt application written in C++ that uses a SSL-connection (QSslSocket) with another application for extra security. However, the application has a private key embedded in it.

With applications like Process Explorer it’s really easy to fish out the private key. (Properties of file -> Strings)

Security is not very important for my application but it would be nice to make a little bit more difficult getting the private key from my application. Is there any way?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You may need of solutions to your problem from a different angle.

    I agree with Shoosh’s answer in that no matter what you do a person with the right tools and knowledge will be able to break your code and figure out your private key.

    What you need to do is either externalize the data or mitigate the risks if your private keys are found.

    The best way to externalize any private data is to encrypt it with a user supplied password that must be entered by the user to be used. Unfortunately this is not really reasonable for most applications.

    To mitigate the risks I normally try to ensure that only the one ‘install’ is compromised if the security is broken.

    For example, randomly generate the private key data on install.

    For client/server applications you could follow the https model and use public/private key communication to exchange a randomly generated encryption key.

    If each client install has there own public/private key set, then the server can tell what clients are connecting and also if there is a problem they can outlaw clients.

    Hope that helps.

    • 0