How can I hide my AWS S3 passkey and secret code in C ++?

Question

How can I hide my AWS S3 passkey and secret code in C ++?

I use AWS S3 in my C ++ application to upload and download files. I have included the passkey and secret in my code, but I am worried that someone might read them from the binary. Is there any standard method for obfuscating them?

Update: I do not run this application on a PC, it is actually on the built-in device, so I don’t worry about users reading the key and secret from a file or RAM (access to the device is much more difficult). It bothers me that someone hits our update file and pulls out the key and secret from the binary file.

+5

c ++ amazon-s3

parsley72 Dec 15 '15 at 7:28

source share

2 answers

Giorgi moniava · Answer 1 · 2015-12-15T07:57:30+0000

Keeping your computer secure is not an easy task. One thing you can do is encrypt the key with a password and save the encrypted data in a file. Then, when the user enters the password, you can decrypt the encrypted data with the password and extract the key that you can use.

But this approach will not work for scenarios in which the software should run without user intervention.

seamaner · Answer 2 · 2015-12-15T07:53:19+0000

It is better not to store keys in code. Enter if necessary.

If the code is stored in code, do not keep the key in a simple line. Store it in some template and, if necessary, generate a key using some algorithm.

How can I hide my AWS S3 passkey and secret code in C ++?

More articles: