licensecc icon indicating copy to clipboard operation
licensecc copied to clipboard
verified publisher icon open-license-manager

Log encryption

Open open-license-manager opened this issue 11 years ago • 1 comments

Log strings are one of the most easy point of attack and debugging of the code.

Log strings should be encrypted during the bootstrap phase and decrypted by an executable and/or by the php backoffice.

open-license-manager avatar Oct 15 '14 19:10 open-license-manager

Here is a preliminary article on string encryption (for visual studio). Strings are encrypted before compilation time and decrypted at execution time.

http://www.codeproject.com/Articles/502283/Strings-Obfuscation-System

In our case log strings are obfuscated before compilation, and must remain encrypted at execution time. This arises problems with formats specifiers included in log strings ("%s %d") that are unknown at execution time when we have to write the log.

(since the complexity of the issue maybe an external project could be an idea)

The external project should provide:

  • A tool to encode extract log strings from a c/c++ software and store them into a database.
    • the same tool should be able to generate a public/private key and keep track of the private key for logging decryption.
    • Include with macros for logging.
    • the tool may generate also an include file that contains the public key for encryption. the external project should not provide a logging library as it will require to be recompiled by each client.

open-license-manager avatar Oct 17 '14 21:10 open-license-manager