PyLocket Security Overview¶
Encryption & Key Management¶
- Military-grade encryption applied at the function level with unique keying material per function
- Industry-standard key derivation binding keys to license, application, and function context
- Cryptographic manifest signing with strict verification to prevent tampering
- Integrity verification before any decryption operation (encrypt-then-verify)
- Cloud-managed envelope encryption: per-application master keys with automatic rotation
- Secure memory handling for all key material — keys are never left in memory longer than needed
Binary Hardening¶
- Dynamic API resolution: security-sensitive system calls are resolved at runtime with no static strings in the binary
- Advanced code obfuscation applied to the native runtime across all supported platforms
- Aggressive compiler optimizations: minimal binary size, full link-time optimization, symbol stripping
Runtime Anti-Analysis¶
PyLocket's native runtime includes a multi-layered anti-analysis suite that continuously detects and responds to reverse engineering and instrumentation attempts across Windows, Linux, and macOS. The runtime re-verifies its own integrity during execution and shuts down protected execution when it determines it is being analyzed, so an attacker cannot quietly observe decrypted code. The specific detection techniques are intentionally not enumerated here so that the defenses are not a checklist for evasion.
Memory Protection¶
- Guarded memory regions with hardware-enforced access controls
- Permission toggling: decrypted code is only accessible during active execution
- Secure zeroing of all sensitive data on eviction or deallocation
- Verified through automated testing across all supported platforms
Testing & CI¶
- Continuous fuzz testing across multiple attack surfaces
- Cross-platform CI matrix covering all supported OS, Python version, and packaging format combinations
- Automated memory dump analysis to verify no plaintext bytecode is recoverable
- Comprehensive unit and integration test suites for all cryptographic and verification operations
Platform Support¶
| Platform | Architecture | Status |
|---|---|---|
| Linux | x86_64 | Full support |
| Linux | aarch64 | Full support |
| macOS | x86_64 | Full support |
| macOS | aarch64 (Apple Silicon) | Full support |
| Windows | x86_64 | Full support |
Python Version Support¶
Python 3.12, 3.13, 3.14
Packaging Format Support¶
PyInstaller (onefile + onedir), cx_Freeze, Briefcase, wheel, zip