# rust_code_obfuscator_core
[](https://crates.io/crates/rust_code_obfuscator)
[](./CONTRIBUTING.md)
[](https://github.com/GianIac/rustfuscator/blob/main/WHITEPAPER.md)
[](https://gianiac.github.io/rustfuscator/obfuscation_fundamentals.html)
> Core engine for the [Rustfuscator](https://github.com/gianiac/rustfuscator) - a control flow and syntax obfuscation tool for Rust codebases.
---
## 🧠What is `rust_code_obfuscator_core`?
This crate is the **core logic** behind [Rustfuscator](https://github.com/gianiac/rustfuscator), a Rust code obfuscation tool that transforms readable Rust code into functionally equivalent but *harder-to-analyze* and *harder-to-reverse-engineer* output (but not impossible !!).
It is **not** a standalone crate - it powers the procedural macros and CLI-level abstractions of the [Rustfuscator project](https://github.com/gianiac/rustfuscator).
### Note about Key management for crypto.rs
Now uses build-time key management with runtime key derivation:
- If `OBFUSCATOR_KEY_HEX` (64 hex chars) is set, that value is used as the source key.
- Otherwise, a random 32-byte source key is generated for the build.
- The source key is split into masked build-time shares and reconstructed at runtime.
The 256-bit AES key is no longer injected as one static byte/string sequence.
- Deterministic builds:
```bash
export OBFUSCATOR_KEY_HEX="00112233... (64 hex chars) ..."
cargo build --release
```
- If unset, a random key is generated per build.
- The runtime API returns Result (no unwrap() in crypto paths).
- Enable the `secure_zeroize` feature to zeroize supported decrypted values and temporary clear buffers after use.
- Enable the `verify_literals` feature to add debug-only round-trip assertions inside `obfuscate_string!` / `obfuscate_str!`.
- Use `obfuscate_num!` for lightweight integer literal obfuscation; floats and arbitrary numeric expressions are intentionally out of scope.