How do you store the key used for resource file encryption?

yck1509 / ConfuserEx

An open-source, free protector for .NET applications

http://yck1509.github.io/ConfuserEx/

Other

3.56k stars 1.62k forks source link

How do you store the key used for resource file encryption? #546

Open amironoff opened 7 years ago

amironoff commented 7 years ago

Hi there,

Encrypting resource files obviously requires an encryption key. When you distribute the application, you need to distribute the key along, so that the app can still read its resources (which is the weak point in encrypting in the first place)

@yck1509, how do you approach this in ConfuserEx?

XenocodeRCE commented 7 years ago

https://github.com/yck1509/ConfuserEx/blob/master/Confuser.Protections/Resources/InjectPhase.cs#L79 https://github.com/yck1509/ConfuserEx/blob/master/Confuser.Protections/Resources/MDPhase.cs#L26

It creates a .NET module file which contains only your file's resources, and inject it at runtime.