String encryption can be used to hide certain data stored stored in your strings from prying eyes. String encryption works by moving all user strings to an encrypted block of storage. When needed, the runtime executive decrypts the string in memory.

Because strings are immutable objects in .NET they are subject to memory scraping attacks and should never entirely be considered secure. By encrypting strings you make it difficult for a hacker to search your assembly for key phrases like "Invalid serial number" then examining the code surrounding that text.

Not every string in your assembly will be encrypted. Only string literals. For example, when you assign a string in code to a variable, like status = "Valid", the "Valid" string will be encrypted. String constants, assigned using the const keyword in C# or Const in VB, are not encrypted since they are not stored in the code stream.

Using string encryption does add a very small amount of overhead to your methods. CodeVeil's string decryption system is much better than most other tools out there but you can tune it if needed. You can elect to encrypt only certain strings or all strings in a certain method.

Using String Encryption

To enable String Encryption

1. Open your project in the Project Editor.
2. Navigate to the Runtime & Integrity Protections section.
3. Select Enable literal string encryption.

To enable String Encryption for only a specific set of methods

• Open your project in the Project Editor.
• Select the assembly to customize.
• Select Properties from the CodeVeil tab of the ribbon.
• Navigate to the Runtime & Integrity Protections section.
• Select Enable literal string encryption.
• Uncheck Encrypt all literal strings by default.
• Select Member Overrides from the Assembly Tools tab of the ribbon.
• Navigate to the desired method and select Protect Strings.

See Also