Lets suppose that we have the next string:
13:45:11:17:-65:107
This string is a product of RSA crypting. Each number is a byte of a crypted info.
We crypted it by a public key. After that we decide to “hide” it, the next way:
1=q,3=f,4=d,5=o,7=y,6=p,0=b,-=u,:=t;
and we have the next string, after all:
qftdotqqtqytupotqby
Supposing that server side will unhide this string by the reverse way. And decrypt by private key.
So i’m asking: if somebody steal this string, but he hasn’t any access to our software. He has just a string – qftdotqqtqytupotqby
Is there possibility for him to understand that
qftdotqqtqytupotqby = 13:45:11:17:-65:107
If you make the assumption that the attacker cannot access your software and therefore all he has is some ECB (subsitution ciphered) encoded RSA crypttexts, than the answer is no he can’t reverse it. (This assumes the RSA crypttexts are effectively byte-wise “pseudo random” without the secret key. If they have some plaintext predictable header information than the ECB could be attacked.)
This is however a very weak attacker position to be considering. In general you should assume an attacker has a copy of your software, otherwise every copy of your software is in effect a secret master key for the whole system.
I would favor using AES with a compiled in secret key to your homebrew ECB. At least that restricts the secret to the key and not potentially the whole software package. You could also use this technique to compartmentalize the security risk to just software packages with the same compiled in key.