Techniques for obscuring sensitive strings in C++

Question

I need to store sensitive information (a symmetric encryption key that I want to keep private) in my C++ application. The simple approach is to do this:

std::         


        

Answer 1

One method I recently tried is:

1. Take hash (SHA256) of the private data and populate it in code as part1
2. Take XOR of private data and its hash and populate it in code as part2
3. Populate data: Don't store it as char str[], but populate on runtime using assignment instructions (as shown in macro below)
4. Now, generate the private data on run time by taking the XOR of part1 and part2
5. Additional step: Calculate hash of generated data and compare it with part1. It will verify the integrity of private data.

MACRO to populate data:

Suppose, private data is of 4 bytes. We define a macro for it which saves the data with assignment instructions in some random order.

#define POPULATE_DATA(str, i0, i1, i2, i3)\
{\
    char *p = str;\
    p[3] = i3;\
    p[2] = i2;\
    p[0] = i0;\
    p[1] = i1;\
}

Now use this macro in code where you need to save part1 and part2, as follows:

char part1[4] = {0};
char part2[4] = {0};
POPULATE_DATA(part1, 1, 2, 3, 4); 
POPULATE_DATA(part2, 5, 6, 7, 8);