I wish to encrypt the contents of my program when the program is visited in Windows Explorer but I find that none of the files are encrypted once the program is installed. I have set encryption to yes and set a password but none of the files in any of the folders are encrypted. Besides setting encryption and setting a password, I'm not sure what else one can do to ensure encryption. Is there anything I'm missing?
Indeed, the Inno Setup encryption encrypts only the installer. The installed files are decrypted during installation. That's by design. How would your application be able to use them, if they were encrypted using a password the application is not aware of?
If you want to have the installed files encrypted, you have to encrypt them yourself before compiling the installer. And your application must prompt user for a password to be able to decrypt them.
You can also of course hard-code the password to your application. But that's not safe enough. There's generally no way to safely encrypt data in a way that allows automatic decryption.
Related
I would like to share my NodeRed Code in Github as part of an IOT project, however I would like to keep some of my data private (wifi password, database password, etc).
I could manually erase this information, but this would not be very practical, since I would have to do it every time I update the file.
In my python scripts I use os.environ.get to save my passwords and upload to GitHub securely.
¿Is there some way to set up Node-Red to easily push to GitHub without revealing sensitive information?
Node properties can be pulled from environment variables using the ${} syntax. This is implemented by the runtime so should work in all nodes. If the node uses the typed input widget then they should also support environment variables directly.
Details are in the documentation here: https://nodered.org/docs/user-guide/environment-variables
Secondly any node options that are explicitly tagged as credentials are stored in a separate encrypted file _creds.json. By default this is encrypted in a randomly generated key on first run and stored in a hidden file in the userDir, but you can set your own key in the settings.js file.
If you use the Projects feature to store your flows in a git repository then you will be prompted for the encryption key needed as part of setting up the project or when you check it out. Documentation for projects is here:
https://nodered.org/docs/user-guide/projects/
I have a question on deployment of .exe file developed using Go Language.
.exe files will be deployed on the customer machines. Which means the integrity of the files (the files are not corrupted, infected) is important.
What should be the approach to ensure that the .exe file is not infected, corrupted or replaced?
(for example
.Net binaries can be signed at compilation, which ensures integrity, and they can be digitally signed by a certificate, which ensures the source of the binary.)
Do we have any such precautions in Golang?
Thanks
Use installers such as Inno Setup, InstallShield or Wise Installer. They can check the integrity of the files before installation.
Inno Setup supports for digitally signed installs and uninstalls, including dual signing (SHA1 & SHA256).
InstallShield uses MD5 checks the integrity of the package.
It would appear that VS2012 uses PFX files for signing instead of SNK files. I get the impression this is related to delayed signing; but I don't care.
When I build my application, I can use "sn -tp <my assembly>" and see it is signed.
When I ilmerge the debug folder and use the /keyfile directive (the way I was successfully doing with SNK files), the DLLs merge into one unsigned DLL.
I have read articles suggesting clever workarounds, such as extracting the public key from the original DLL and then using this in the /keyfile directive...which also failed to allow me to create a strongly signed DLL.
So, what do I need to do to get ilmerge to work with the PFX file so that my assembly will be strongly typed?
Thanks
I recently was attempting to do just the same thing (this time with VS 2015, but I am sure the results are the same).
PFX files are password-protected by default and ILMerge (at the time of this writing) does not appear to support them.
Manual Signing
The "clever workaround" as you describe it is presented here, and it appears to be the only way to accomplish this:
>sn -p some.pfx some.pub
>ilmerge /keyfile:some.pub /delaysign /out:merged\some.dll some.dll
>sn -R merged\some.dll some.pfx
Note that extracting the public key from the PFX file requires user input - allegedly it was previously possible to pipe in the password, but the current version of sn.exe does not permit console redirection.
Automated (CI Build System) Signing
In order to strong sign ILMerged assemblies in an automated way, it is necessary to install they key on the local build machine. This still requires user input in the form of password input, but only has to be done once per build machine.
As before, we need to extract the public key from the PFX file (this only has to be done once, and the PUB file can be saved alongside the PFX or even checked-in to source).
Here is the one-time setup code (both require password input):
>sn -p some.pfx some.pub
>sn -i some.pfx SomeContainerName
During the automated build, it is now possible to run:
>ilmerge /keyfile:some.pub /delaysign /out:merged\some.dll some.dll
>sn -Rc merged\some.dll SomeContainerName
I'm making a vala application that stores user access credentials in a Gnome Keyring. If no keyring exists for the application, I'd like to create one; however, I would like to create a new keyring. Unfortunately, I don't know how to securely generate a password for the new keyring nor store it someplace so my application can use it later. As it is an open source project, I don't think I should hardcode it into my program and storing it in a hidden conf file would defeat the purpose of using the keyring.
How can I securely generate it and then store it?
I use IntelliJ Idea (Ultimate 9.0.3) on Linux at work, and our VCS is Subversion.
Idea proposes to store my SVN password but then tells me it is unable to store the password encrypted, and asks if I want to store it in plain text. Well, no. This is on an Ubuntu 10.04 install with Gnome Keyring available.
Any hints how I could convince Subversion and Idea to work securely together?
The best you can do is to vote for Linux/OS X Subversion credentials working only when stored in plaintext bug in the IDEA issue tracker.