Geek Answers Handbook

Is there a way to obfuscate API keys in package R?

I need a consumer key and a secret for the R package that I am developing. It would be a little cumbersome for each user to apply and get their own, and in fact this is not necessary, since they will need to authenticate using a username / password to use the package features. However, I am not allowed to share my keys in the public domain. Is there a way that the key + secret (or any bit of information for that matter) can be hidden in my package source when it is on CRAN? I guess the answer is no, but I would like to make sure that I have no other ideas.

Update. The only abuse I foresee is extracting someone and using keys in another application to limit my bids as much as possible. But if so, then I could just remove it. But there may be other forms of abuse that I do not see. Perhaps I should just let everyone apply for their own.

+5
source share
1 answer

Well, as long as you realize that obfuscation is not safe, there are some simple ways to obfuscate. You do not indicate how your keys are stored, so I will assume that they are stored in binary form in a file.

The simplest obfuscation is xorwith some meaning - I will use DEADBEEF just because it sounds delicious:

keyFile <- "c:/foo.bin"
obfuscatedKey <- readBin(keyFile, "raw", file.info(keyFile)$size)
key <- xor(obfuscatedKey , as.raw(c(0xde, 0xad, 0xbe, 0xef))) # xor with DEADBEEF

- , xor , obfuscatedKey .

. "" (42), :

# obfuscate
key <- 101:110
n <- length(key)
set.seed(42, "Mersenne-Twister") # To get the same permutation
perm <- sample.int(n)
obfuscatedKey <- key[perm]

# unobfuscate
orgKey <- integer(n)
set.seed(42, "Mersenne-Twister") # To get the same permutation
perm <- sample.int(n)
orgKey[perm] <- obfuscatedKey

identical(key, orgKey) # TRUE

... , , ...

+3

More articles:


All Articles