Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
In order to prevent somebody from grabbing my data easily, I cache data from my service as encrypted files (copy protection, basically).
However, in order to do this, I must store the encryption key within the .NET assembly so it is able to encrypt and decrypt these files.
Being aware of tools like Red Gate’s .NET Reflector which can pull my key right out, I get a feeling that this is not a very safe way of doing it… are there any best practices to doing this?
You have to decide what is an acceptable level of risk. There is no “safe” way of doing this.
If the risk of someone using reflector, or just opening up the assembly using the System.Reflection.Assembly class and grabbing the resource that way, is too great, then your next step is probably to download the key from the server when you start up.
Then someone will have to do something like debug while using your code and grab the key that way. You can expire stuff that is cached and swap out the keys. You can make it so that individuals each have their own keys to protect one user’s data from another user.
You can do a lot of stuff but if your goal is to keep someone from being able to decrypt information that an assembly you are putting on their machine has the ability to decrypt, you should know it’s pretty much impossible. All you can really do is elevate the cost of pirating your keys/data; you can’t stop it.