I am building a larger application which at some point would serialize/deserialize XML files. The problem is that I need to make some of those XML files encrypted.

Basically, the encrypted one would be made by my professor for his students. It would be like a black box, so my professor prepares a class in my application, serializes it and additionally, my app would encrypt the whole XML. Then a student loads the XML into the application, but they don't know what's in it. I thought about a simple encryption, AES, whatever. I would store the encryption/decryption key as bytes in my code.

But then it came to me that every student could go for something like dotPeek, disassemble my executable and then get the key and be able to decrypt every encrypted XML file. Now that is not something I can allow.

I was searching through the internet for possible solutions to my problem, but I couldn't quite find an answer.

Can you guys think of any way of doing that kind of thing? The app would be written in C# and would be running on Windows 7/10 if that matters.

dabljues

1 Answer

If it is a multi-user application, then you need to ensure the ownership of the file by individual user authentication & authorization.

The server should be able to validate the client's incoming request and serve the authorized file accordingly.

Maintain different encryption keys for each user; this is to decrypt the file. Note that having a global-admin-enc-key is vulnerable as an attack vector.

To prevent the code from being re-engineered, you can obscure the code by obfuscation. It makes the code confusing for humans. This thread also claims to have a protector: How to prevent decompilation of any C# application

Ashokan Sivapragasam
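The per-user keys suggested in the answer above, as an added example (not code from the question or the answer): a server-side master secret is used to derive one AES-GCM key per user, so a file encrypted for one user is rejected under any other user's key and no global key ships in the client. The class, method and user names are hypothetical, and the code assumes .NET 8 for the `AesGcm` constructor that takes a tag size.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PerUserKeyDemo
{
    // Assumption: this secret exists only on the server, never in the shipped client.
    static readonly byte[] MasterSecret = RandomNumberGenerator.GetBytes(32);

    // Derive a 256-bit key bound to one user id (HMAC-SHA256 used as a simple KDF).
    static byte[] DeriveUserKey(string userId)
    {
        using var hmac = new HMACSHA256(MasterSecret);
        return hmac.ComputeHash(Encoding.UTF8.GetBytes("xml-file-key:" + userId));
    }

    // Server side: encrypt the XML for one user. Layout: nonce(12) || tag(16) || ciphertext.
    static byte[] EncryptFor(string userId, string xml)
    {
        byte[] plain = Encoding.UTF8.GetBytes(xml);
        byte[] nonce = RandomNumberGenerator.GetBytes(12); // fresh nonce per file
        byte[] tag = new byte[16];
        byte[] cipher = new byte[plain.Length];
        using var aes = new AesGcm(DeriveUserKey(userId), 16);
        // The user id is bound as associated data, so the blob cannot be relabelled.
        aes.Encrypt(nonce, plain, cipher, tag, Encoding.UTF8.GetBytes(userId));
        byte[] blob = new byte[28 + cipher.Length];
        nonce.CopyTo(blob, 0); tag.CopyTo(blob, 12); cipher.CopyTo(blob, 28);
        return blob;
    }

    // Decrypt with a key the server handed to an authenticated user.
    static string Decrypt(byte[] key, string userId, byte[] blob)
    {
        byte[] plain = new byte[blob.Length - 28];
        using var aes = new AesGcm(key, 16);
        aes.Decrypt(blob.AsSpan(0, 12), blob.AsSpan(28), blob.AsSpan(12, 16),
                    plain, Encoding.UTF8.GetBytes(userId));
        return Encoding.UTF8.GetString(plain);
    }

    static void Main()
    {
        // Constructed sample document and user ids.
        byte[] blob = EncryptFor("student-a", "<Task><Input>42</Input></Task>");
        Console.WriteLine(Decrypt(DeriveUserKey("student-a"), "student-a", blob));
        try { Decrypt(DeriveUserKey("student-b"), "student-a", blob); }
        catch (CryptographicException) { Console.WriteLine("student-b's key is rejected"); }
    }
}
```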