Hi Dillon! I was trying to hide the code (and the keys) inside an encrypted code- blocks ( something like this: http://www.codeproject.com/KB/tips/Self-generating-code.aspx) -- thenndynamically load the compiled (OK -- say, keys.dll) binary. What do you think?
compression? hum -- but I still need a password to open it right? Where should I put the password? :-) Cheers, Dio On Feb 26, 7:55 am, Dillon Beresford <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dio wrote: > > Hello! > > > I need to store my private key in secure and best way. However, I > > don't want to put it in a dongle or smartcard or anything related. I > > need to put that along with (inside) the 'executables' (fight against > > the disassembler). Any suggestions? > > (Registry? oh c'mon that's just for Windows) > > Dio - If your going to store the key inside an executable you should > compress it with a commercial packer which allows wrapping of API, > Anti-Debugging tricks to prevent the executable from being debugged, > dumped and fixed. I would suggest searching for some software that > will allow you to do this. You can always inline some asm code into > your project with some anti-debugging tricks but to be honest most of > them are very simple to patch and hiding a debugger is even easier > with the amount of plugins that allow this. Your best bet is to pack > the binary and use a dynamic stub. > > There are a few commercial protection and compression tools available > on the net some free and others not. I'm not going to suggest any > commercial applications or endorse them because I know how easy it is > to unpack. If you have the patience and the time you might want to > develop your own tool to do achieve both compression/protection and > loading. I take it your wanting to manage the key inside a PE? > > Let me know how it works out! > > Good Luck. > > Dillon > > > > > Thanks! > > > Best, > > > Dio > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla -http://enigmail.mozdev.org > > iEYEARECAAYFAkmlzHMACgkQRnxC5lZRuuEaCwCgnL3f+MUKZSFgq3bbVU6gjfpq > S3EAoL27WBJw/+6qz2REe0DjvNDtjhl9 > =7ZT6 > -----END PGP SIGNATURE----- --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. -~----------~----~----~----~------~----~------~--~---
