Hello,
> If your users are not technically sophisticated, and the application is
> aimed at paying business customers and not the general public, it is
> enough to compile the key into the application. Businesses don't like
> being caught stealing.
> 
> If your users are the general public and/or they are strongly motivated
> to attack the application, then it is only a matter of time...
> 
> They can usually not only replace the public key, but also simply remove
> the code that performs the signature checks, ...
> 
> There are companies selling something called "white-box-cryptography".
> They have keyed self-obfuscating code, where it is difficult to analyze
> the control flow of the application, and the encryption is built in
> the structure of the binary rather than merely being data. Their target
> market is DRM.
> 
> Perhaps you are looking for something like that. Don't recall any specific
> names, but the term should get you started in the right direction. This
> is not an endorsement of the security of their products, I don't know
> enough to endorse or condemn them.
You may also look at "Secure Programming Cookbook for C and C++" chapter 12
with TOC:
Chapter 12. Anti-Tampering
12.1 Understanding the Problem of Software Protection
12.2 Detecting Modification
12.3 Obfuscating Code
12.4 Performing Bit and Byte Obfuscation
12.5 Performing Constant Transforms on Variables
12.6 Merging Scalar Variables
12.7 Splitting Variables
12.8 Disguising Boolean Values
12.9 Using Function Pointers
12.10 Restructuring Arrays
12.11 Hiding Strings
12.12 Detecting Debuggers
12.13 Detecting Unix Debuggers
12.14 Detecting Windows Debuggers
12.15 Detecting SoftICE
12.16 Countering Disassembly
12.17 Using Self-Modifying Code

but of course this is no real security; it only makes the software
hacker's job harder.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]