Protecting Python Applications

The following methods exist to protect Python applications using Sentinel LDK Envelope on a Windows or Linux machine:

1.Script Envelope

Script Envelope is an advanced command-line tool for applying Sentinel LDK Envelope protection to Python applications.

NOTE   Due to its built-in automation, Script Envelope is the simplest and preferred method for applying Sentinel Envelope protection to your applications.

2.Cython (https://cython.org/) followed by Sentinel LDK Envelope

This method protects Python applications by combining Cython with Sentinel LDK Envelope. This works by first translating your sensitive Python modules into native modules (PYD/SO files) which are then protected using Envelope.

This method provides a higher level of security because the additional compilation step lowers the code’s abstraction level and enables Sentinel LDK Envelope to protect the application as code and not just as data. This results in more sophisticated protection measures. However, this method is slightly more complicated to set up, as it requires Cython and a working C compiler.

NOTE   This method cannot protect an application's start script, only its Python modules. Therefore, Thales recommends that you place your application's actual entry point inside a Python module and only use the start script to call the module.

You can perform either protection process using Sentinel LDK Envelope on a Windows or Linux platform. For more information, see the Sentinel LDK Envelope for Windows or the Sentinel LDK Envelope for Linux.