This is a key distribution problem, if you store the key in the executable you should assume everyone already has access to the key. This is a different problem than "can someone get the key out of running memory". If you store the key in the executable, then an existential compromise of this key in any copy of the program compromises the secrecy of all past, present, and future processes that use this program. The point is, the key should be stored outside of the program.
Have you thought about having the program read in a passphrase, feeding it into a good key derivation algorithm, and then using that symmetric key to encrypt and decrypt your data (with something like AES GCM)? On Monday, June 13, 2016 at 9:01:48 AM UTC-7, Haddock wrote: > > Hello, > > I'm developing my own little encryption application in Go. The Go > application needs to know the key used for encryption and decryption. My > question is whether that key can be extracted from the Go executable > somehow through disassembly or looking at the applications memory or > something. I'm a complete Go beginner and know nothing about its memory > layout. So that's why I thought it's better to ask. > > Thanks, Haddock > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
