When you protect your intellectual property using code encryption you probably want your customers and/or competitors are unaware of how your code works inside. But at the same time your encrypted code should intercommunicate with other (not encrypted) parts of your application. So we can consider your assembly for encryption as a black box which has some interfaces (properties and methods) which are used to communicate with outside world.
What is a best practice to create those “black box”? I could recommend you some rules which help you to create good assembly for encryption.
First of all we should detect what data types (mostly it concerns to the classes, interfaces and exceptions) will be used from both (encrypted and not encrypted) parts of your application and then decide where and how they will be declared.
Your encrypted assembly shouldn’t declare publically visible interfaces. For example, class in your encrypted assembly implements interface which than is used in the not encrypted code. In this case you should define that interface in the separate assembly and reference it from the projects of the encrypted and not encrypted assembly:
If your encrypted assembly uses delegates which should be publically visible then define them in the separate assembly and reference it from the projects of the encrypted and not encrypted assembly.
If some members in your encrypted assembly can throw an exception of the custom type which should be caught and processed in the not encrypted code, then it is not recommended to define custom exception type in the encrypted assembly. Define it in the separate assembly and reference it from the project of the encrypted assembly and from the project where exception will be caught and processed.
As the next step we should decide which classes from the encrypted assembly should be accessible from the not encrypted code through the automatically generated wrappers. We strong recommend minimizing the number of the publically visible classes. Structure of the publically visible classes can give a lot of information about internal implementation of the hidden functionality. If it is not supposed to use class from the external code then declare it as internal (Friend in VB.NET).
Try to make classes in your assembly to have small number of the publically visible properties and methods. If it is not supposed to use property or method from the external code then declare it as private or internal.
Try to not use publically visible nested classes.
What is a best practice to create those “black box”? I could recommend you some rules which help you to create good assembly for encryption.
First of all we should detect what data types (mostly it concerns to the classes, interfaces and exceptions) will be used from both (encrypted and not encrypted) parts of your application and then decide where and how they will be declared.
Your encrypted assembly shouldn’t declare publically visible interfaces. For example, class in your encrypted assembly implements interface which than is used in the not encrypted code. In this case you should define that interface in the separate assembly and reference it from the projects of the encrypted and not encrypted assembly:
If your encrypted assembly uses delegates which should be publically visible then define them in the separate assembly and reference it from the projects of the encrypted and not encrypted assembly.
If some members in your encrypted assembly can throw an exception of the custom type which should be caught and processed in the not encrypted code, then it is not recommended to define custom exception type in the encrypted assembly. Define it in the separate assembly and reference it from the project of the encrypted assembly and from the project where exception will be caught and processed.
As the next step we should decide which classes from the encrypted assembly should be accessible from the not encrypted code through the automatically generated wrappers. We strong recommend minimizing the number of the publically visible classes. Structure of the publically visible classes can give a lot of information about internal implementation of the hidden functionality. If it is not supposed to use class from the external code then declare it as internal (Friend in VB.NET).
Try to make classes in your assembly to have small number of the publically visible properties and methods. If it is not supposed to use property or method from the external code then declare it as private or internal.
Try to not use publically visible nested classes.
Комментариев нет:
Отправить комментарий