Hints for Safe Implementation - How to protect the UPW

The API integration offers you the best compatibility and flexibility. For example, you can keep your software running in demo or limited full-product mode if the CRYPTO-BOX^® is not present.

Before starting with the CRYPTO-BOX integration into your software, we strongly recommend that you review our secure implementation notes in Chapter 17 of the Smarx^®OS Compendium. By following these suggestions, you can significantly increase the protection level of your integration.

An important point is the protection of the CRYPTO-BOX user password (UPW). If you store the UPW statically in your source code, it can be easily found by an attacker analyzing your software. Therefore it is a good idea to decrypt the UPW dynamically during program execution. This sample project demonstrates how you can implement this securely:
https://www.marx.com/share/PPK/CBIOS-Cpp-Sample-ProtectUPW.zip

The sample is written in C++ (Visual Studio) and is based on the CBIOS API. It serves as a reference code which can be adapted to other development environments as well. More samples with demonstrate the usage of hardware based encryption functions of the CRYPTO-BOX can be found in the Smarx OS Professional Protection Kit (PPK).

Do you have any questions or feedback to this sample, or need support by adapting it to other languages/development environments? Please contact us!