How to store encryption key in safe (C++)?

Question

I want to use xxtea for data encryption/decryption in my game.

Here is the example of library usage:

#include <stdio.h>
#include <string.h>
#include <xxtea.h>

int main() {
    const char *text = "Hello World! 你好，中国！";
    const char *key = "1234567890";
    size_t len;
    unsigned char *encrypt_data = xxtea_encrypt(text, strlen(text), key, &len);
    char *decrypt_data = xxtea_decrypt(encrypt_data, len, key, &len);
    if (strncmp(text, decrypt_data, len) == 0) {
        printf("success!\n");
    }
    else {
        printf("fail!\n");
    }
    free(encrypt_data);
    free(decrypt_data);
    return 0;
}

How to keep the key itself in safe then?

Answer 1

As @ArtjomB notes, you would keep the key safe by not putting it into your program. During startup, an authorized user or security device will need to provide the key.

Anything that doesn't look like that is no longer encryption or security, it's some form of obfuscation. Obfuscation (or "DRM") can be somewhere between useless and somewhat effective depending on how much effort you're going to put into it versus how much interest there is in cracking it. What's your ongoing budget for improving this as new attacks come along? What is the sophistication of your expected attackers?

Apple (as one example) controls their hardware, firmware, and OS very tightly, and has a team entirely devoted to constantly improving that. The iPhone is generally jailbroken within a few weeks to months after new releases. You should consider that the best case scenario for an attractive target.

If you're thinking "well, what can I put together in an afternoon that will stop the ankle biters?" do whatever comes to mind. XOR it with some other hard-coded value. Maybe bitshift it or whatever. It won't help very much against anyone who cares, but it'll stop the most casual attacker, and at least you won't waste a ton of time and money on it.

Stepping up from that, look at your platform's built-in solutions. OS assistance is a big help. In particular, look at SLP Services on Windows. Mac provides licensing enforcement if you work through Mac App Store. Or you can look at commercial vendors like eSellerate who have their own proprietary solutions. SafeNet has several products . Of course all of these can be (and regularly are) defeated. But they're much stronger than whatever you're going to develop over a few days.

Any specific approach you get off of StackOverflow will be, by definition, useless. The only thing obfuscation has going for it is that its details are secret. If you know how it works, then you can beat it. That's what differentiates it from encryption. Good encryption is designed to be just as strong even if the attacker knows the entire algorithm. That's why obfuscation techniques are proprietary. They pretty much have to be. Which means you're either going to (a) quickly build a lousy one, (b) spend a lot of time and money building a slightly-less lousy one, or (c) spend quite a lot more money to get a somewhat-passable one from a vendor who specializes in these things.

(If you're asking this question on StackOverflow, there is absolutely no chance you are going to build a good one on your own. If you haven't cracked a few programs yourself, you're in no position to build something to stop others.)

Answer 2

It can't be done. For most cases what you can do is to mangle your key, break in words, split, mix, bitshift, xor, etc, etc... to make it harder. But nothing can prevent a very motivated hacker to reverse engineer your code and get the key.

The best solution for this case is called White Box Cryptography: https://en.wikipedia.org/wiki/Obfuscation#White_box_cryptography

The idea is kind of generating a binary code personalized for your encryption that replaces your function decrypt(cypher, key) by whitebox_decrypt(cypher) both returning the same result. The second function whitebox_decrypt does NOT contain the key itself, but a personalized algorithm that brings the same result as the original decryption function. Again: IT CAN BE REVERSE ENGINEERED as everything, but it's so so hard that really doesn't motivate anybody to do so.

However, this is something that is usually very expensive. I don't know any good thing for free. It's very used for protecting DRM content.

Answer 3

The best obfuscation is to compute the key at runtime. Eg you can calculate SHA1 or MD5 on a system string like "Press any key..." or "Error loading file". Then use the hash as XXTEA key.

Answer 4

This is not easy. I gave a similar answer some time ago. If your situation allows, you could encrypt the key using a password that user will enter and store the encrypted key somewhere.

Then when you need the key, you could enter the password and decrypt and use the key.

This way while your key is saved in an encrypted form, you are not afraid that someone will learn what it is.

Answer 5

An encryption key is a secret (this is a technical term that describes something that only the people who should know, know).

Storing a secret in a program is the same as writing it down on a piece of paper which you then fax to everyone in the world.

Ie It's not a secret any more.

The way you keep the key a secret is to require the user to enter it, and then delete all traces of it once you've performed the decryption.