That sounds great. I haven't had time to continue working my original
idea of encrypting the binaries. I'll probably back into
development after March. I'm working on my CCIE so I don't have much
free time with my current employer.
I think the addition of encrypted .pyc is a great feature to have.
-William
Giovanni Bajo wrote:
Hello,
I'm going to work on implementing crypting support for the packaged
executable. The idea is that the .pyc files will be crypted with a simmetric
cipher (say, Rijndael/AES) and the bootloader will use an external key to
decrypt and run the executable. Fair warning: I'm *no* crypt expert.
Open issues (suggestions are welcome):
- How key feeding should work? My current plan is to require a file called
"executablename.key" in the same directory of the executable, containing the
key in a text format (it's going to be 128/192/256 bits, or so). I was
thiking of something like a .ini format. Of course, users can always
customize the bootloader themselves for specific uses, so I'm just looking
for a generic good-enough solution. Also additional program-specific
information can be stored in the .ini file.
The .ini sounds fine or even just have a --key flag added to the binary.
- Should we crypt only .pyc/.pyo files or also .pyd/.so/.dll? Besides speed
issues which I don't consider very important (since block ciphers are pretty
fast), I am a little worried about secutiry holes. The plaintext version of
most binary files could be easily found (say, all the standard modules
shipped with Python) so this could compromise the key. Maybe this could be
made an option.
We could decrypt to memory and execute only in memory. (But root or
something similar will always be able to read it). It will be something
like creating a virtual I/O device in memory. Like it can be done with
ramfs. Now, will it really worth the effort right now? I'll say, lets
keep it simple for now.
-W
_______________________________________________
PyInstaller mailing list
[email protected]
http://lists.hpcf.upr.edu/mailman/listinfo/pyinstaller
