What is white-box cryptography?

White-box cryptography is a software-based technology combining methods of encryption and obfuscation to embed secret keys within application code. The goal is to combine code and keys in such a way that the two are indistinguishable to an attacker, and the new white-box program can be run safely from an insecure environment. White-box cryptography gives organisations a way to encrypt critical portions of programs and store the keys for decryption in a manner that is essentially tamper-proof.

How does white-box cryptography work?

White-box cryptography obscures and blends the internal data and execution flow of an algorithm so that it becomes difficult for an attacker to separate and identify cryptographic keys. This prevents those keys from being found or extracted from the application. White-box implementations may include protections against static analysis, runtime code modifications, timing attacks, and fault injection.

An alternative to white-box crypto: Secure Local Storage (SLS) by Promon

Secure Local Storage (SLS) is a state-of-the-art security feature. It provides app developers with the ability to store app secrets, such as session tokens, personally identifiable information, and API keys locally on the end-user device in a secure and encrypted manner. Compared to white-box crypto, SLS is unparalleled in terms of simplicity and user-friendliness; you do not need any crypto knowledge, nor do you have to deal with any crypto complexities.