Execute encrypted files but don't let anybody read them.
Posted
by
Stebi
on Server Fault
See other posts from Server Fault
or by Stebi
Published on 2011-01-13T16:18:39Z
Indexed on
2011/01/13
16:55 UTC
Read the original article
Hit count: 267
I want to provide a virtual machine image with an installed web application. The user should be able to boot the vm (don't login, just boot) and a webserver should start automatically.
The point is I want to hide the (ruby) source code of the web application from everyone as there is no obfuscator for ruby.
I thought I could use file system encryption to encrypt the directory with the sourcecode (or even a whole partition). But the webserver user must be able to read it automatically after booting. Nobody is allowed to login as the webserver user (or any other user) so no other can read the contents.
My questions are now:
- Is this possible?
- Because I give away the whole vm everybody could mount its virtual discs and read them (except the encrypted one). Is it now possible to find the key the webserver user needs to decrypt the files and decrypt them manually? Or is it safe to give such a vm away?
The problem is that everything needed to decrypt must be included somewhere in the vm else the webserver cannot start automatically. Maybe I'm completely wrong and you have another tip for me securing the source code.
© Server Fault or respective owner