Secure Encryption in programming

Question

What would be the most secure encryption method for the following:

• I have an exe that runs and takes a file, encrypts it, and overwrites the original file.

I see two issues with my own idea:

1. What kind of language could I use where the encryption key couldn't be extracted from the exe by the person running the file?
2. What do you think the most secure encryption method to make sure that the file can't be cracked without the key is? (that could be implemented in this language)?

Answer 1

Like most security problems, your question comes down to key management.

No key can be securely embedded in an executable, unless the key itself is encrypted. But then the executable needs to access that encryption key, and so on.

The only way to store a key securely is to put it where only authorized entities can access it. That comes down to selecting an appropriate storage system, which may be a database or file system with controlled access, or it may be in a human brain.

Many ciphers are both acceptably secure and readily available. One of the most common ones is AES, the Advanced Encryption Standard, which has been proven to be of military strength. The proper choice depends on the level of security you need; the amount of computing resources you're willing to invest in creating, storing, and using appropriate keys; and the amount of time your users are willing to wait for encryption/decryption.

Answer 2

There is no way to fully protect a key even if embedded in a bin exe. Why not have the users of the program provide the enc/dec key and leave the key protection to the users? FYI, most modern algos are fine the trick is key bit length (the more bits the better) and key protection to ensure that the output can't be deciphered.

Answer 3

If you don't want anybody to be able to extract the encryption key from the executable, the key will need to be encrypted itself, possibly with a password. Of course, anybody with the password will be able to get the key. There is no way to permit somebody to encrypt something without giving them access to the key they're using.

If what you really want to do is let people encrypt files, but not let them decrypt them, public key cryptography is what you're looking for.

Answer 4

If your problem is encrypt some content and protect the secret because with this secret someone can decrypt some file try to use some algorithm with public/private key like RSA. There are libraries in many languages who can use RSA.