how to protect source code
335 views
Skip to first unread message
bbb tt
Mar 17, 2022, 9:46:31 AM3/17/22
to golang-nuts
I want to encrypt my algorithm library, is there any good way in Go. My library is used in both Windows and Linux
wagner riffel
Mar 17, 2022, 9:57:29 AM3/17/22
to bbb tt, golang-nuts
On Thu Mar 17, 2022 at 10:30 AM CET, bbb tt wrote:
> I want to encrypt my algorithm library, is there any good way in Go. My
> library is used in both Windows and Linux
>
No, and honestly, that's a waste of time, the only real protection you
> I want to encrypt my algorithm library, is there any good way in Go. My
> library is used in both Windows and Linux
>
have for your code is your country laws.
-w
Ian Lance Taylor
Mar 17, 2022, 9:30:21 PM3/17/22
to bbb tt, golang-nuts
On Thu, Mar 17, 2022 at 6:46 AM bbb tt <fort...@gmail.com> wrote:
>
> I want to encrypt my algorithm library, is there any good way in Go. My library is used in both Windows and Linux
For a security issue like this it's essential to define the attack you
>
> I want to encrypt my algorithm library, is there any good way in Go. My library is used in both Windows and Linux
want to defend against.
The nature of Go is such that against a sophisticated attacker the
best you can do in practice is to hide source code comments, or to run
your program only as a secure service that is only accessible over a
network. And to do that you don't need to do anything special at all.
Ian
Zhaoxun Yan
Mar 17, 2022, 10:33:21 PM3/17/22
to golang-nuts
I think it is best to run your code on an encrypted disk. So it cannot be stolen by taking away the hard-drive.
Furthermore if the config and log files are in other folders, it is okay to shut down the encrypted drive I guess.
In that case even it is running in memory, the hacker cannot get access to the program file on removed encrypted disk.
Beyond that, there is few software in the world up till now I believe, could decode your program back to go source code.
And it is a better practice to put all the codes together rather then dividing it to smaller pieces to make more complexity.
Zhaoxun
Holloway Kean Ho
Mar 18, 2022, 1:45:43 PM3/18/22
to golang-nuts
>I want to encrypt my algorithm library, is there any good way in Go. My library is used in both Windows and Linux
I'm assuming you're doing it for scalable distribution since Zhaoxun already answered local development environment. In this case it makes no sense as I can still use disassembler to reassemble your source codes after the decryption, either by software or many ways of reverse engineering techniques. Moreover, you will attract A LOT of insider threats (as in legit customers paid to reverse engineer your stuff, out of profits or curiosity). There were technologies in the past but highly I doubt they will work: hardware lock fuse bit and now TPM.
The only option I can see is host your library inside your own infrastructure and offer to client as an API services via network. That you can secure both binary and source codes forms within your own control while your customer enjoys your algorithm services. Otherwise, your business and marketing strategy have to step in. You can consult Spotify, and Google Cloud Key Management idea.
Don't rely on legal filing or copyright pursue unless you got 7 digits budget cash-ready to pay your attorney. It's not cheap and is a time-consuming process.
Regards,
Holloway
Reply all
Reply to author
Forward
0 new messages