What is the best way to encrypt data in an application

I am trying to find the best way/practice for having a resource file shipped to a user as cipher text. And decrypt these cipher in the software itself:

  • I have an XML file containing data.
  • I don't want the user to be able to read this file.
  • I use RSA algorithm to encrypt/decrypt the data
  • I want the software to be able to decrypt the file and read it like it would with a plain text file.
  • So far, I was thinking about having the private key stored as a string in the application, and the public key distributed in a file alongside with the executable.

    My concern is: is it secure, and is there other practice that would be better in this kind of case?


    No, it's not. Nothing stops the user from extracting the private key from the executable or from extracting the decrypted data from memory.

    There may be a solution given the detailed specifics of your use case, but the general problem is provably unsolvable. The user has the software. The software has everything it needs to decrypt. Therefore, the user has everything they need to decrypt.

    链接地址: http://www.djcxy.com/p/67700.html

    上一篇: 从Java程序中存储/读取敏感数据

    下一篇: 在应用程序中加密数据的最佳方式是什么?