堆栈内存溢出
  简体   繁体   English

如何使用.NET中的二进制文件安全地分发密钥?

[英]How to distribute keys securely with binaries in .NET?

 原文  2010-07-30 14:07:59       .net/ cryptography/ software-distribution

问题描述

Can I distribute a .NET app that uses a key that the user can't access, but the app can? 我可以分发使用用户无法访问的密钥的.NET应用程序,但应用程序可以吗?

Note that I am using the word distribute in the sense that the application is delivered to run in the user's computer, not in a cloud or cluster. 请注意,我用的是在这个意义上分发的应用程序交付到用户的计算机上运行,而不是在云或群集。

4 个解决方案

解决方案1
 6 已采纳  2010-07-30 14:09:40

Anything in your application can be accessed by a skilled enough user. 应用程序中的任何内容都可以由熟练的用户访问。

This is why games and the like moved from storing key algorithms inside the program to verifying with an outside, game manufacturer owned server. 这就是为什么游戏等从在程序中存储密钥算法转移到使用外部游戏制造商拥有的服务器进行验证的原因。

If you're just trying to keep out the average joe, just hash it and store it like any other variable..like a padlock on a door, it won't keep out the determined user, but keep honest men honest. 如果你只是试图阻止普通的乔,只需将其哈希并将其存储为任何其他变量......就像门上的挂锁一样,它不会阻挡确定的用户,但保持诚实的人诚实。

解决方案2
 2  2010-07-30 14:11:55

There's two general answers to your question. 你的问题有两个一般的答案。

If your question is this: 如果您的问题是这样的:

Is it possible for me to pass a key alongside my executable in any way that makes it 100% impossible for any user to access, but still my program can access it? 我是否有可能以任何方式将密钥与我的可执行文件一起传递,使得任何用户都无法访问该密钥,但我的程序仍然可以访问它?

Then the answer is this: No, you can't. 然后答案是:不,你不能。

Anything your code can do, the user can potentially do as well. 您的代码可以执行任何操作,用户也可以执行此操作。

All you can do is make it hard for the user. 您所能做的就是让用户难以接受。 Encrypt it, hide it. 加密它,隐藏它。

If your question is this: 如果您的问题是这样的:

Is it possible for me to pass a key alongside my executable in any way that makes it very unlikely that my users can access, but still my program can access it? 我是否有可能以任何方式传递一个密钥与我的可执行文件,使我的用户不太可能访问,但我的程序仍然可以访问它?

Then the answer is this: See answer to the first case, in particular the part about making it hard for the user. 然后答案是这样的:见第一个案例的答案,特别是关于让用户难以理解的部分。

解决方案3
 1  2010-07-30 14:11:33

Depending on what you are trying to encrypt, you would deliver the public key, retaining your private key and you could distribute it freely. 根据您尝试加密的内容,您将提供公钥,保留您的私钥,您可以自由分发。 What are you trying to accomplish exactly? 你想要完成什么?

解决方案4
 1  2010-07-30 14:11:40

Not really. 并不是的。 You can make it annoying to retrieve the key, but if it can be used by the program, the user can inevitably read it as well. 您可以使检索密钥变得烦人 ,但如果程序可以使用它,则用户也不可避免地会读取它。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 分发 .Net 二进制文件和 PDB 的最佳方式是什么? - What is the best way to distribute .Net binaries and PDBs? 如何在安装程序中分发.NET 4 - How to distribute .NET 4 in an installer 如何使用.NET Core Web应用程序分发数据保护密钥? - How does one distribute Data Protection keys with a .NET Core web app? 如何安全设置重置密钥和登录令牌? - How do i securely make reset keys and login tokens? 您如何分发.NET应用程序? - How do you distribute a .NET application? 如何分发使用 COM 组件的 .NET 应用程序? - How to distribute a .NET application that uses a COM component? 如何构建两个二进制.NET Core 2控制台应用程序 - How to build two binaries .net core 2 console app .NET在命名空间之间共享类,如何分配它们? - .NET shared classes between namespaces, how to distribute them? 如何将带有 .Net 应用程序的 Python 作为一个安装可执行文件分发? - How do I distribute Python with a .Net application as one installation executable? 如何分发与Oracle通信的.NET Windows Forms应用程序? - How to distribute a .NET Windows Forms application that talks to Oracle?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM