我们已经创建了一个类似 adobe reader 的应用程序来读取一种特殊的加密文档文件格式,这种文件格式只能由我们的应用程序识别。
我们想要做的是让用户使用他/她的帐户从网站购买应用程序,然后我们将让他/她使用该程序下载该文档并开始阅读。
这是我们的担忧:
1) document files should not be read in another user computer which means if user1 gives the raw downloaded file to user2 which has our application in his/her own computer the second user must not be able to read that file
2) after users download their files, they can just read those file offline (not constantly be online to be able to read)
3) this security must not break down easily because these document data are vital & the user information & application must not be hacked and cracked !
4) maybe later we want to have our android/IOS version so the solution must be cross platform
5) solution like providing login mechanism for each document won't work because users are able to give the copy of their own files together with their username & password to other users.
6) file encrypting mechanism must not break down by crackers so that they just decrypt the document & post the free version all around the internet
您有什么编程方法、安全机制或建议吗?
最佳答案
您可以使用公钥(或非对称)密码术。您使用用户的公钥加密文档。然后只有有权访问私钥的人(理想情况下:只有用户)才能解密它。
但是,如果用户有权访问他自己的 key (他应该),没有什么可以阻止用户解密文档并与他人共享(或与他人共享他的私钥)。
最后:如果用户或程序需要访问未加密的产品,而用户对保护文档安全没有兴趣,那么保密性可能会被破坏——如果产品足够有趣的话——将会被破坏。
关于C#应用程序破解,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/15977395/