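Problem description
Is there an industry standard for solving the following problem:
Story: I have a program (=> a game) which saves its state (=> level, ...) in an XML file; this state should not be user-editable; and I want to prevent people from writing patch software that can patch my XML and program state.
You want to protect your XML file. You can do this by encrypting it. But what do you do with the key?
Because someone can always just reverse engineer (open your DLL) and read the key...?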
    using System;
    using System.Security.Cryptography;
    using System.Text;

    public static string Encrypt(string toEncrypt)
    {
        // The key is a literal compiled into the assembly.
        byte[] keyArray = UTF8Encoding.UTF8.GetBytes("12345678901234567890123456789012");
        // 256-AES key
        byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);
        RijndaelManaged rDel = new RijndaelManaged();
        rDel.Key = keyArray;
        rDel.Mode = CipherMode.ECB;
        // http://msdn.microsoft.com/en-us/library/system.security.cryptography.ciphermode.aspx
        rDel.Padding = PaddingMode.PKCS7;
        // better lang support
        ICryptoTransform cTransform = rDel.CreateEncryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
        return Convert.ToBase64String(resultArray, 0, resultArray.Length);
    }

    public static string Decrypt(string toDecrypt)
    {
        // Same literal key as in Encrypt.
        byte[] keyArray = UTF8Encoding.UTF8.GetBytes("12345678901234567890123456789012");
        // AES-256 key
        byte[] toEncryptArray = Convert.FromBase64String(toDecrypt);
        RijndaelManaged rDel = new RijndaelManaged();
        rDel.Key = keyArray;
        rDel.Mode = CipherMode.ECB;
        // http://msdn.microsoft.com/en-us/library/system.security.cryptography.ciphermode.aspx
        rDel.Padding = PaddingMode.PKCS7;
        // better lang support
        ICryptoTransform cTransform = rDel.CreateDecryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
        return UTF8Encoding.UTF8.GetString(resultArray);
    }
Edit: the application is 100% client-side.
You have produced a convincing argument that what you want to do is impossible. Your argument is correct.
Security systems are designed to protect users from attackers, not to protect the user's data from the users themselves.
Think about it this way: the game is a program that can edit the state. The user can run the game. Therefore the user can run a program that can edit the state. You don't even need to consider key management because the entire scenario is fundamentally impossible. You can't both require that the user be able to run a program that changes the state and forbid it at the same time.
If you really want the game state to be protected from the user then the thing that has to give is: the user must not be allowed to run the game. Instead the game must run on a server which you own, and the user runs a client which communicates with the server. The server is then responsible for determining whether the client is hostile or not, and determining what the game state is.
Since the game is now running on a server that you own, and saving the state to a server which you own, you know that the user is not going to edit the state because they cannot run a program which does so.
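The server-owned design described in the answer above, as an added example that is not part of the original question or answer: the rules and the state live in a hypothetical `GameServer` class, and the client can only submit inputs. The class, map and player id are constructed for illustration; networking and authentication are left out.

```csharp
using System;
using System.Collections.Generic;
// Added example (hypothetical names): the game rules and state live on the server;
// the client only submits inputs and never sends or stores authoritative state.
public sealed class GameServer
{
    // Constructed sample level: '#' wall, '.' floor, 'E' exit. Player starts at (1,1).
    // The border is all wall, so a player standing on floor can never index out of range.
    private static readonly string[] Map = { "#####", "#..E#", "#####" };
    private sealed class Session { public int X = 1, Y = 1; public int Level = 1; public int Rejected; }
    private readonly Dictionary<string, Session> _sessions = new Dictionary<string, Session>();
    private Session Get(string playerId)
    {
        if (!_sessions.TryGetValue(playerId, out Session s)) _sessions[playerId] = s = new Session();
        return s;
    }
    public int LevelOf(string playerId) => Get(playerId).Level;
    // Count of inputs the rules refused; a signal for deciding whether a client is hostile.
    public int RejectedInputs(string playerId) => Get(playerId).Rejected;

    // Accepts one input ('L','R','U','D'); returns false for anything the rules forbid.
    public bool Move(string playerId, char direction)
    {
        Session s = Get(playerId);
        int nx = s.X, ny = s.Y;
        switch (direction)
        {
            case 'L': nx--; break;
            case 'R': nx++; break;
            case 'U': ny--; break;
            case 'D': ny++; break;
            default: s.Rejected++; return false;                 // not a known input
        }
        if (Map[ny][nx] == '#') { s.Rejected++; return false; }  // move into a wall
        s.X = nx; s.Y = ny;
        if (Map[ny][nx] == 'E') { s.Level++; s.X = 1; s.Y = 1; } // only the server advances the level
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        var server = new GameServer();
        Console.WriteLine(server.Move("alice", 'U'));    // input the rules forbid (wall above the start)
        server.Move("alice", 'R'); server.Move("alice", 'R'); // legal path to the exit
        Console.WriteLine(server.LevelOf("alice") + " " + server.RejectedInputs("alice"));
    }
}
```

There is no message a client can send that sets the level directly, so editing local files or replaying a patched client changes nothing the server trusts.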