C++: How to Encrypt XML Configuration File

I have a proprietary application which uses an xml config. Currently I use boost::property_tree to read the xml file.

I would like to deploy both executable and xml file on a more public system and want to avoid anyone, including that system's administrator, from reading the xml.

Ideally, I would like to maintain the cl开发者_C百科ear text xml on my system so I can easily manually modify it. Then I would call some encrypt command on the file, deploy it on the more public machine and have the executable decrypt it on the fly. I'd use the same key and just hardcode it into the source of the executable.

Is this a reasonable approach? What is the easiest way to implement this? Is there a better way?

Since you're already using boost, you could always serialize it. If you use binary archives, the file will be essentially unreadable. I guess my follow-up question would be: do you also want it to be secure? Or just unreadable?

If the code runs on the client's machine, then in principle you can never prevent the data from becoming known, because it has to be on the client's machine. You can try to obfuscate, but ultimately the client will have to be able to read the data, so it has to know it.

If you were to simply embed an encryption key in your program, the client could just scan through the file and extract the key. If you work a bit harder you can make Skype, but even that has been deconstructed.

It all depends on the seriousness of your need to protect the data. If it's absolute, then you cannot do it, but if you just want to keep the casual visitor out, you could try and make it a bit harder... tell us some details if you're serious about this.

If your goal is to prevent someone from casual inspection, then that is a reasonable approach.

If you must ensure (for some weird reason) that the configuration cannot be read, it is a foolish errand, because the program can read it, so a user who is determined to do so can do it as well. Either by disassembling the program, or simply by doing a memory dump from the debugger. Having that said, a simple, lightweight encryption will be good enough, because even the toughest encryption will be broken in the same way.

You might also consider whether using an explicitly human-readable format such as xml is well-suited if you don't want people to read it.

I had a very similar case. I used a compression algorithm to store the file 'encrypted'. zlib can be used for C++. You can easily encrypt and decrypt your file, both from command-line and from code. To add some more 'security' you can xor the compressed file with a password.

This a both simple to implement and easy to use. Of course I won't use such method if my clients are hackers, or have a financial incentive to read the XML.