add an option to encrypt a resource #46
Comments
|
As a workaround, why not just do it manually? In my opinion file encryption goes out of scope for this project and would make no sense anyway, since to decrypt this data you have to ship key with resources. |
|
I would vote for this feature, simple xor would be enough for my use case. |
|
Obfuscation would probably be a good middle ground. A simple XOR cipher with an 8-bit key would be great. Anything that makes it less easy do something like: In the case of having an XOR key, I would leave the "decrypting" to the calling environment. auto fs = get_filesystem();
auto key = fs.get_key() /* uint8_t */;
auto f = fs.open("some_file.bin");
for (auto a : f) {
auto b = reinterpret_cast<unsigned char>(a) ^ key;
/* b is original file byte */
}Or perhaps have a function to optionally "decrypt" everything: auto unpack(const cmrc::file& f, const uint8_t key) -> std::vector<char>
{
std::vector<char> output(f.size());
auto op = [key](auto c) { return reinterpret_cast<char>(reinterpret_cast<uint8_t>(c) ^ key); };
std::transform(f.begin(), f.end(), output.begin(), op);
return output;
}While it's obviously not meant for protecting things like private keys, it can be useful for adding some protection to software IP. There are files like shader source code or ONNX models that take a lot of time and money to develop. You may not want to offer them up on a silver platter. |
|
tks @tay10r and @xiaozhuai
Apparently I m not the only one thinking it s in the scope
not necessarily: the decrypt key could come at runtime from a license. |
|
Supporting any modifying to the resource file is tough. There's two parts to supporting something like this: EncryptionCurrently, by design, the conversion of the resource file to a C++ file that can be compiled is done entirely in CMake. This is convenient specifically because in cross compiling environments, nothing special has to be done. Whereas having a compiled program do the conversion will break everytime your building for a different instruction set. So if the file either gets encrypted using AES or a simple XOR mechanism, it needs to be done on in CMake's script mode (the function that does this is at the top of You could also do it by using Another option would be to submit a patch to support a variant of the DecryptionThere are a few issues to consider when supporting decrypting of the encrypted resource file. If it's XOR, then the solution is pretty straight forward. No dependencies, no fuss. With AES, it's less simple. There are several crypto libraries out there. Personally I've used OpenSSL and mbedTLS, but there are probably more. OpenSSL is pretty popular, but is an absolute pain to build on Windows and I'm not entirely sure if it works on MCUs. In any case, if you pick one, someone will eventually want support for the other. You could include a lightweight AES decrypt function, but in general it's advisable to use the more robust libraries for crypto. After doing a little bit more digging on what would go into it, I think the most sensible approach would be to submit a patch to support encryption (maybe even compression too) on strings. Something like: string(ENCRYPT ALGO <algo> KEY <key> IV <iv> <string> <out-var>)I would then leave the process of decrypting the resource file entirely to the caller, since the means of doing this is going to differ greatly depending on the platform and application. |
add an option to encrypt a resource using a given key
The text was updated successfully, but these errors were encountered: