Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses

Encrypting source code :(

by bliako (Monsignor)
on Dec 27, 2018 at 12:49 UTC ( #1227745=perlquestion: print w/replies, xml ) Need Help??

bliako has asked for the wisdom of the Perl Monks concerning the following question:

Wise Monks, please advice on how to use Filter::Crypto::CryptFile via PAR so as to primarily encrypt my source files but also control access to them (on a hosted, entirely mine, bare-metal linux)

Ideally, I want to be asked for a password/key at encryption stage and then asked just once (and not once for each module included!) each time the pp-executable is run. Is this too far-fetched? May be there is yet another module to allow for encrypting and also controlling access to the script?

The manpage states that the following will encrypt my script and all modules used by the script:

pp -f Crypto -M Filter::Crypto::Decrypt -o hello

Fine! But I was expecting to be asked for a password/key. Instead, I was asked for password once during installation of Filter::Crypto::CryptFile and then no password required when running the pp-exe script.

bw, bliako

p.s. As to why I want to do that: I feel I have contributed enough public-domain software so as not to be asked this question.

Replies are listed 'Best First'.
Re: Encrypting source code :(
by soonix (Canon) on Dec 27, 2018 at 15:58 UTC

      thanks soonix,

      PAR::Filter::Crypto is Filter::Crypto::CryptFile for PAR. Albeit, I can't figure out if there is a way to make it to ask for the encryption key whenever I run the program. As it is, it does not even ask for key when it encrypts and creates the PAR - it uses a key created at install-time.

      Reading at the other links you provided, maybe PAR::Filter::Crypto is not the way to go after all.

Re: Encrypting source code :(
by RonW (Parson) on Jan 04, 2019 at 22:42 UTC

    A PAR file is a Zip file. The executable created by pp is a self-extracting Zip file with an auto-run feature.

    In theory (I haven't tested this), you could create a PAR with pp, unzip it to a temporary location, then re-zip it with a password. Make sure the new Zip file has the extension .par

    Then do: pp -o myprog myscript.par

    If that works the way I think it does, pp will do something like cat extractor myscript.par >myprog

    (On MS Windows, it would be something like copy /b extractor.exe+myscript.par myprog.exe)

    Assuming that works AND the extractor supports encrypted Zip files, running myprog will ask for the password needed to decrypt myscript.par then extract and run normally.

    If that doesn't work, you can use 7zip to create encrypted, self extracting archives. I don't recall the details, but there are options to specify the extractor to use (you want the "installer extractor") and the command you want the extractor to run. You will need to unzip your PAR file before creating the self-extracting archive, otherwise it will be the PAR file that gets extracted and not the files inside it.

    (Note: The "installer extractor" doesn't actually install anything. It expects the command you tell it to run to do the actual installing. In your case, the command will be to run your program. After your program exits, the extractor will delete the files it created during the extraction phase.)

      RonW, the first method did not work, it does not ask me for a password but it exits silently instead. I couldn't find whether pp "extractor" code can be user-specific and couldn't see where in PAR modules the extractor code is. Any pointers on that welcome.

      For the second method you suggested, it should work but I am in Linux and still looking for 7z's "extractor.exe" linux-equivalent. But it looks like it is going to fly... alternatively, following your model, I can always make a self-extracting archive linux-style, I am the only one needing to run this, as I do not trust this code with hosting companies. But if a hosting company has a wizard who could sneak onto the temp extracted PAR files, then let it be, it's not the end of the world.


        It doesn't solve your problem, but if you decide to roll your own solution, you might want to look at this node. I did that after reading this thread because I was curious how something like what you're asking for would work.

        Offhand, I can think of 2 other possibilities:

        Use pp to create the executable without encryption, then encrypt the result. To run the program, create a program or script that decrypts the encrypted executable, runs it, then cleans up.

        If there is an acceptable Perl installation on the target system, use pp to create a PAR file, then encrypt the PAR file. In that case, create a program to decrypt the PAR file, run it. then clean up.

      Cant do that

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://1227745]
Approved by Corion
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (6)
As of 2022-12-06 22:01 GMT
Find Nodes?
    Voting Booth?

    No recent polls found