You're right, even if you aren't planning to share the program, it's still a good idea to separate the key from the executable. For one, the executable is bigger and harder to keep secret than a few bytes of data. It's generally frowned upon to bundle the two since the secrecy should rely solely on the key.
If you don't like passwords, you can store the key on a flash drive as a file or even write it directly to the underlying block device. On Monday, June 13, 2016 at 10:12:25 PM UTC-7, Haddock wrote: > > Thanks for all the useful answers. All I want to do is to create an > encryption program for simple home computing purposes. I once lost some > encrypted files, because I lost the password. I think I did a typo when > typing it in and didn't realize. So I thought I write my own encryption > programm with a catch-all password in it. That might be a very bad idea now > ... > > I first wanted to use Java as I'm used to it. But Java code cannot be > encrypted to hide the encryption key, because the Java byte codes would > then become unreadable for the JVM. So I thought of something else. I > thought of moving the key to some server. But then I would be dependent on > some server and the Internet being reachable in order to decrypt my things > (password files, etc.). > > Seems like the best solution would be to store the key in a separate file, > though I don't understand exactly how this makes things better. Having the > key in a separate file means that the decrypted blank key is only visible > from within the running encryption programm for a very short moment. Is > that the idea? Maybe have a solution that first looks for a local key file > and only checks some server for it when locally not present. > > Regards, Haddock > > Am Montag, 13. Juni 2016 18:01:48 UTC+2 schrieb Haddock: >> >> Hello, >> >> I'm developing my own little encryption application in Go. The Go >> application needs to know the key used for encryption and decryption. My >> question is whether that key can be extracted from the Go executable >> somehow through disassembly or looking at the applications memory or >> something. I'm a complete Go beginner and know nothing about its memory >> layout. So that's why I thought it's better to ask. >> >> Thanks, Haddock >> > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
