C# – How to make a file tamper proof?

cSecurity

I have a (planned) commercial program that is writing out a usage log. As part of their license, users will be required to submit the log back to the company every few weeks. How can I ensure the file has not been tampered with?

System is being written in C# and Winforms or WPF.

Update: Hmmm… quite surprised that How to make a file tamper proof? is considered an "exact duplicate" of What technique can protect a secret from a fully trusted user? Anyway, the tribe has spoken.

Best Answer

As Ken mentioned, this is the same problem that DRM systems have. They use a variety of techniques to store keys where users won't (easily) be able to find them. You'd be combining a digital signature scheme with an overly-complex scheme for storing the key. Split it into multiple pieces, scattered over the user's system - some parts in the registry, some in files on the filesystem, some encoded in the modification dates and filenames of various innocent-looking files. Also, make the DRM subsystem of your code intentionally obscure, and difficult to debug.

Another alternative would be to send signature data to some remote system periodically (if you can depend on having an internet connection).