Like I said in my comment, there is no 100% fool proof way of protecting your application from decompilation, but you can obsfuscate your application using a tool such as Dotfuscator
Where should I save the public key used for xml signature verification?
Question
I'd like to provide a simple, unencrypted xml-file as the configuration file for my desktop application (winforms, .NET 4.0, C#). I would, however, like to ensure that any configuration file used by the app is from me. For this, I'm thinking of Xml Signing, which seems to fit my requirements very well.
My only remaining question then is: How should I store the public key within my app to perform the verification of the configuration file? Embedding it into the app is my guess, but exactly how should this be done to prevent someone from simply opening the binary with a decompiler and replacing my key with his/her own?
I'm not looking for anything super secure, because I know I can't make it 100% certain anyways.
Solution
OTHER TIPS
I would use windows cert stores to store any keys http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509store.aspx And windows Data protection API to store it in memory while your program is executing. https://en.wikipedia.org/wiki/Data_Protection_API http://msdn.microsoft.com/en-us/library/system.security.cryptography.protecteddata.aspx