How to hide private keys in open source code

Hi,

I have a project that I want to keep as open as possible. I want others to be able to have access to the source code. However, part of my project involves a connection to an IoT service. I have an app that sends the details of the connection to the IoT service over HTTP to the Arduino device, including the private key (in an effort to not include this information directly in the source).

Is there a way of hiding these details in open source code? I know I can encrypt the transmission of this information, but it still has to be decrypted on the Arduino before use, and then somebody can still print it and read it very easily if they modify the source.

Any suggestions would be welcome.

Thanks

This is what I am using

Obviously not, except that the "open source" would not include your private key, but it would be left for the user to insert theirs! :roll_eyes:

Ok, I obviously have a misunderstanding of the whole key-based authentication scheme. This is something that is new to me. I will have to do further research on that outside of this thread. Thanks.

One common way is to put your key details in a header file, usually called secrets.h and include it in your main code. You can show an example of the secrets file with bogus credentials if necessary.
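The secrets.h approach from the reply above, sketched as an added example that is not part of the original thread: the sketch pulls in a git-ignored secrets.h when one exists, falls back to bogus values otherwise, and refuses to connect while placeholders are still in place. The macro names `IOT_DEVICE_ID` and `IOT_PRIVATE_KEY`, the `CHANGE_ME` prefix and the file name `secrets.example.h` are assumptions, and the code assumes a compiler that supports `__has_include`.

```cpp
// Added example: the secrets.h pattern with a guard against shipping placeholders.
// Assumed repository layout (file names other than secrets.h are hypothetical):
//   secrets.h          real credentials, listed in .gitignore, never committed
//   secrets.example.h  bogus values, committed so users know what to fill in
#include <cstddef>
#include <cstdio>
#include <cstring>

#if defined(__has_include)
#  if __has_include("secrets.h")
#    include "secrets.h"   // each user's private copy, if present
#  endif
#endif

// Fallback bogus values, the same ones secrets.example.h would carry.
#ifndef IOT_DEVICE_ID
#  define IOT_DEVICE_ID "CHANGE_ME_DEVICE_ID"
#endif
#ifndef IOT_PRIVATE_KEY
#  define IOT_PRIVATE_KEY "CHANGE_ME_PRIVATE_KEY"
#endif

// True when a value is missing or still the committed placeholder.
bool is_placeholder(const char *value) {
    return value == nullptr || value[0] == '\0' ||
           std::strncmp(value, "CHANGE_ME", 9) == 0;
}

// True only when every credential has been replaced by the user.
bool credentials_configured() {
    return !is_placeholder(IOT_DEVICE_ID) && !is_placeholder(IOT_PRIVATE_KEY);
}

// Status line for logs: reports the key's length, never the key itself.
int describe_key(char *out, std::size_t out_len) {
    return std::snprintf(out, out_len, "device=%s key=<%u bytes, hidden>",
                         IOT_DEVICE_ID, (unsigned)std::strlen(IOT_PRIVATE_KEY));
}

int main() {
    char line[96];
    describe_key(line, sizeof line);
    std::puts(line);
    if (!credentials_configured())
        std::puts("secrets.h missing or still holds placeholders; not connecting");
    else
        std::puts("credentials present; safe to open the IoT connection");
    return 0;
}
```

On an Arduino the same check would sit at the top of `setup()`, before any connection attempt.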

want others to be able to have access to the source code. However, part of my project involves a connection to an IoT service. I have an app that sends the details of the connection to the IoT service over HTTP to the Arduino device, including the private key (in an effort to not include this information directly in the source).

Maybe I'm misunderstanding you, but the idea of a Public Key Infrastructure is you distribute the public key to users (they'll use that to encrypt the data), and you use the private key to decrypt it.

Data encrypted by the public key can only be decrypted by the private key.