Thank you for your help.
You got a tricky issue there. Without knowing what language the application is written, I would suggest your goal should be to encrypt the application itself, not the whole ISO. My reasoning is that the OS needs to read the ISO in order to use the data on it, and so the application will become readable too.
The aplications are a sort of scripts in bash, other C/C++ compiled programs, and some python scripts.
But there are aplication configuration files that contain user data that should not be seen by the end user.
That being said, encrypting the application is hard if it isn’t a compiled binary - and if it is, it can still be “cracked”, since the instructions run on the user’s computer, which he can intercept and reverse-engineer into source code (sort-of).
I have the idea to use a compiled program with a password embedded on it to decript the sensitive information, but that way any one can execute that program and will have access to the contentes any way.
The part of not needing to provide the key to resolve the encryption seems like a paradox. From where would be the key (or let’s say password) provided? In theory you could provide it from the OS level, and if the user does not have superuser privileges, he can’t access it - but unless it is a secured environment, say a corporate laptop where a user can’t do more than run some applications or save documents here and there, there is no guarantee of no superuser privileges.
That is the big problem, but is there a way to hide the encription key? Make it dificult to the end user to find it?
The best approach would be that you simply don’t hand out the code, and it runs on your servers, but I believe this is not the case, that’s why you think around ISO files.
This is a system that has to run without internet access.