"Erron" == Erron Criddle <ejc(_at_)comasp(_dot_)com> writes:
Erron> To all, This is only slightly related to PGP, however:
Erron> I was wondering if there is some "standard" out there that
Erron> defines how a session key is stored/saved/hidden after a file
Erron> is encrypted and stored on a computer system using the same
Erron> key. Ideally, the only thing that *should* be able to decrypt
Erron> the file is the same computer program that generated the key.
No.
Done correctly, the only way to decrypt the file is for the human who
owns the key to supply that key.
That is the PGP way...
Erron> You can play around with binary files, the XOR function, CRC
Erron> checks, Hashing algorithms and a host of other "tricks" to
Erron> "make life very difficult" for the reverse engineer, however
Erron> is there a 100% secure way for an executable to encrypt and
Erron> store data (to be decrypted later on by the same program)?
No, there is not. That's why programs that offer real security DO NOT
DO THIS.
If you see a program that does do this -- i.e., can decrypt your
encrypted file without asking you for the key -- then it is by
definition insecure and should be thrown in the garbage can.
paul