Techniques for obscuring sensitive strings in C++

Question

I need to store sensitive information (a symmetric encryption key that I want to keep private) in my C++ application. The simple approach is to do this:

std::         


        

Answer 1

If you are on windows user DPAPI, http://msdn.microsoft.com/en-us/library/ms995355.aspx

As a previous post said if you are on mac use the keychain.

Basically all of these cute ideas about how to store your private key inside your binary are sufficiently poor from a security perspective that you should not do them. Anyone getting your private key is a big deal, don't keep it inside your program. Depending on how import your app is you can keep your private keys on a smart card, on a remote computer your code talks to or you can do what most people do and keep it in a very secure place on the local computer (the "key store" which is kind of like a weird secure registry) that is protected by permissions and all the strength of your OS.

This is a solved problem and the answer is NOT to keep the key inside your program :)