p3d files and sensitive information?

Hi,

I want to store an OpenSSL certificate on my client; it’ll be required by my server (only clients with my SSL certificate can join the ‘official’ server, for example).

My question is, is it possible for someone to ‘crack open’ a p3d file and find my cert.pem file inside?

Am I going about this all wrong? Suggestions?

Yes. It is possible to crack open a p3d file; it’s not even very hard (the multify tool will operate directly on a p3d file).

You can try harder to obscure it or hide it, but you can’t make it impossible. The sad fact is, there is absolutely no way to add credentials into your own program where a hacker cannot steal them and use them for a hacked program.

David

Thanks for the quick reply David!
Just brainstorming here, the SSL library I’m using needs a file pointer… I guess the best way to secure the key would be to create a fake file pointer, that way it’s at least in the (python compiled) program, yeah?

If you just want to obscure the pem file, you could use the multify tools to encrypt it in-place. This is a little bit clumsy because packp3d and ppackage don’t support this automatically, so it means you have to add the pem file as a separate step afterward. Use packp3d to build a p3d file, and don’t use the -S option, and omit the pem file so far. Then use the command:

where mysignature.pem is the file for signing the p3d file itself, and myfile.pem is the secret file you want to add encrypted.

Then, in your Python code, you will need to do this:

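from panda3d.core import VirtualFileSystem
vfs = VirtualFileSystem.getGlobalPtr()
# Set the decryption password on every mounted multifile.
for mount in vfs.getMounts():
  if hasattr(mount, 'getMultifile'):
    mount.getMultifile().setEncryptionPassword('mypassword')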

to set the password for decryption.

Now your Python code can open and read myfile.pem, and it will be a little bit harder for someone to extract it from your p3d file. But still not really very hard, for anyone who is willing to examine the compiled Python code.

David
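As an added example (not part of the thread or of Panda3D's own code), a pre-release check of what the compiled client exposes: it compiles a constructed copy of the snippet above, serializes it the way a .pyc body is stored, and reports which of your secrets are readable as plain constants. The names `SAMPLE_SOURCE`, `compiled_blob`, `string_constants` and `audit` are hypothetical.

```python
import marshal
import types

# Constructed sample: the client-side snippet from the thread, as it would ship.
SAMPLE_SOURCE = '''
def unlock(vfs):
    for mount in vfs.getMounts():
        if hasattr(mount, 'getMultifile'):
            mount.getMultifile().setEncryptionPassword('mypassword')
'''


def compiled_blob(source, name="client.py"):
    """Compile source and serialize the code object, as a .pyc body does."""
    return marshal.dumps(compile(source, name, "exec"))


def string_constants(code):
    """Recursively collect every str constant stored in a code object."""
    found = set()
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            # Nested functions and classes carry their own constant tables.
            found |= string_constants(const)
        elif isinstance(const, str):
            found.add(const)
        elif isinstance(const, (tuple, frozenset)):
            found |= {c for c in const if isinstance(c, str)}
    return found


def audit(blob, secrets):
    """Return the secrets that appear inside any constant of the compiled blob."""
    # Only load blobs you built yourself: marshal is not safe on untrusted data.
    consts = string_constants(marshal.loads(blob))
    return sorted(s for s in secrets if any(s in c for c in consts))


if __name__ == "__main__":
    exposed = audit(compiled_blob(SAMPLE_SOURCE), ["mypassword", "not-in-build"])
    print("secrets readable from compiled code:", exposed)
```

Anything this reports should be treated as public once the client is distributed, so the server must not rely on it to tell official clients from modified ones.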