**Questions on External Keys and Runtime Helper Security** #1954
Unanswered
Jerry-0202 asked this question in Q&A
Replies: 1 comment
It's better to explain what you want to know by a simple example script and shell commands, and it also may make something clear.
Dear Author,

I have been familiar with your product for some time, and I purchased the professional version last night.

After repeatedly reading through the documentation, I still have two main questions regarding the concepts of external keys and external runtime helpers:

1. Design Philosophy

Despite going over the documentation multiple times, I still don't fully understand why the concept of "external" was introduced. For example, a reasonable explanation for external keys could be the ability to use plugins to annotate information in an external key file. However, based on my thorough reading of the documentation and manual debugging, I initially believe a larger risk concerns security (which I will elaborate on in the second point). I could not find any explanation in the documentation that addresses this concern, nor did I find any explanation about the genuine necessity of these concepts. I also couldn't find the real meaning behind the external runtime helper package.

While an external runtime helper might allow multiple packages to share a single runtime helper, this alone doesn't seem like a sufficient reason, as I could simply use `pyarmor gen --prefix xxx package1 / 2 / 3...`

To get to the point, although part of the documentation delves into the principles, I didn't find any answers to my questions there. For instance, are flags like `--obf-code` embedded within the runtime helper or the encrypted script/package? It seems that when using the `pyarmor gen runtime` syntax, the runtime helper package is affected by only a limited set of parameters. However, I cannot confirm if options like `--mix-str` are embedded within the runtime helper and then act as a validation mechanism for encrypted scripts. Therefore, this remains unclear.

2. Security

Through some testing and debugging, I noticed that a runtime helper package can indeed influence encrypted scripts and other encrypted files. However, I still cannot determine one key aspect: if I encrypt multiple scripts and specify a predefined runtime helper using `--use-runtime`, what exactly happens to the runtime helper? Does it append additional information about each encrypted script? I can't say for sure, and this makes me feel uncertain about using it with confidence.

Another issue is that generating an external key is fairly straightforward, as is creating a new external key. In this scenario, how can I be sure that a customer won't simply generate their own key to replace mine? Does this mean I must check whether the bytecode of the key matches a predefined one each time my script or package is executed? Perhaps using something like `hook/foo.py`?

In conclusion, I have many unresolved questions. I spent two days thoroughly reading the documentation, and I am still seeking clarity on these points.

I would be very grateful for any insights you could provide on these matters, as they are quite significant for my understanding.
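The kind of check the question's second point asks about (verifying, before trusting an external key file, that its bytes match a digest pinned at build time) can be written as an ordinary Python function that a startup hook calls. The block below is an added example for this thread, not Pyarmor's own code and not its hook API; the function names, the `pyarmor.rkey` file name, the pinned digest and the sample key bytes are all assumptions or constructed for the demo.

```python
"""Pinned-digest integrity check for an external key file.

Added example, not Pyarmor's own code: it shows the shape of a check a
startup hook could run before trusting a key file.  File names, the
pinned digest and the sample key bytes are assumed or constructed.
"""
import hashlib
import hmac
import os
import tempfile

# Constructed sample "key file" contents.  A real external key would be
# whatever the protection tool wrote at build time.
SAMPLE_KEY = b"constructed-sample-key-bytes-v1\n"

# In a real build this would be a hex literal computed once at build time
# and embedded in the protected program; it is derived here only so the
# demo is self-contained.  It resists replacement only if the code that
# holds it is itself protected, otherwise the digest can be edited too.
EXPECTED_SHA256 = hashlib.sha256(SAMPLE_KEY).hexdigest()


def sha256_of_file(path: str) -> str:
    """Stream the file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_key_file(path: str, expected_hex: str = EXPECTED_SHA256) -> bool:
    """Return True only if the file is readable and its digest matches.

    Fails closed: a missing or unreadable file counts as a mismatch.
    The constant-time comparison avoids leaking how much of the digest
    matched, which matters little for a hash but costs nothing.
    """
    try:
        actual = sha256_of_file(path)
    except OSError:
        return False
    return hmac.compare_digest(actual, expected_hex)


def demo() -> tuple:
    """Write a genuine key, a replaced key and no key; check all three."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "pyarmor.rkey")      # assumed file name
        replaced = os.path.join(d, "replaced.rkey")  # constructed tamper case
        missing = os.path.join(d, "missing.rkey")
        with open(good, "wb") as f:
            f.write(SAMPLE_KEY)
        with open(replaced, "wb") as f:
            f.write(b"customer-generated-key\n")  # constructed: a different key
        return (
            verify_key_file(good),
            verify_key_file(replaced),
            verify_key_file(missing),
        )


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Two caveats worth keeping in mind when reading this. First, a pinned digest only proves the key file is the exact one you shipped; it says nothing about whether the runtime helper itself already binds keys to it, which is the part of the question only the maintainer can answer. Second, the check is only as strong as the code that holds the digest: if that code can be edited by the customer, the digest can be edited with it, so the hook that performs the check has to live inside the protected part of the program.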