07-26-2023, 10:39 PM
In my C application I have a decryption key that is used to decrypt sets in the database (username / password). Currently, I simply declared it with
char * key = "$$$secretSampleDecryptionKey$$$";
Shortly after that line, I prepare the SQL statement and then select from the DB. My question is, if someone was to debug my compiled application or dissassemble it, will they actually see the key? What can I do to hide it from them?
EDIT:
As Mark and Aaron pointed out, I can simply use the Linux / Unix strings command
strings nameOfApplication
to print out all the strings in my application, including the "secret" key.
EDIT 2:
The app runs on my server and the database stores sensitive customer data that is encrypted. I thought I was playing it safe by not having the key in a text file for everyone to read but compile it instead.
char * key = "$$$secretSampleDecryptionKey$$$";
Shortly after that line, I prepare the SQL statement and then select from the DB. My question is, if someone was to debug my compiled application or dissassemble it, will they actually see the key? What can I do to hide it from them?
EDIT:
As Mark and Aaron pointed out, I can simply use the Linux / Unix strings command
strings nameOfApplication
to print out all the strings in my application, including the "secret" key.
EDIT 2:
The app runs on my server and the database stores sensitive customer data that is encrypted. I thought I was playing it safe by not having the key in a text file for everyone to read but compile it instead.