让.txt文件不可读/不可编辑 [英] Make .txt file unreadable / uneditable

问题描述

我有一个计划，节省了高分一点.txt文件中的：

I have a program which saves a little .txt file with a highscore in it:

 // Create a file to write to. 
string createHighscore = _higscore + Environment.NewLine;
File.WriteAllText(path, createText);

// Open the file to read from. 
string createHighscore = File.ReadAllText(path);

的问题是，用户可以编辑尽可能简单的文件 - 用文本编辑。所以我想使文件的不可读/不可编辑或对其进行加密的。

我的想法是，我可以保存在一个资源文件中的数据，但我可以在资源文件中写？
或将其保存为.dll文件，加密/解密，或者寻找一个MD5求和/哈希值。

My thinking was that I could save the data in a resource file, but can I write in a resource file? Or save it as .dll, encrypt/decrypt it or look for a MD5-sum/hash.

推荐答案

不能防止用户修改文件。这是他们的计算机上，这样他们就可以为所欲为（这就是为什么整个DRM的问题是......困难）。

You can't prevent the user from modifying the file. It's their computer, so they can do whatever they want (that's why the whole DRM issue is… difficult).

既然你说你正在使用的文件保存高的分数，你有几个选择。请注意，正如前面说没有方法从与价值篡改停止一个真正的攻击者：因为您的应用程序在用户的计算机，他可以简单的反编译运行，怎么看待你要保护的价值（获得访问任何秘密在使用过程中），并采取相应的行动。但是，如果你愿意反编译的应用程序，找出所用的保护方案，并拿出一个脚本/补丁来解决它只是改变了一些只有你可以看到，好，去了？

Since you said you're using the file to save an high-score, you have a couple of alternatives. Do note that as previously said no method will stop a really determined attacker from tampering with the value: since your application is running on the user computer he can simply decompile it, look at how you're protecting the value (gaining access to any secret used in the process) and act accordingly. But if you're willing to decompile an application, find out the protection scheme used and come up with a script/patch to get around it only to change a number only you can see, well, go for it?

混淆内容

这将阻止用户直接编辑文件，但它赢得了 T作为一旦模糊算法被称为阻止他们。

This will prevent the user from editing the file directly, but it won't stop them as soon as the obfuscation algorithm is known.

var plaintext = Encoding.UTF8.GetBytes("Hello, world.");
var encodedtext = Convert.ToBase64String(plaintext);

读取文件时保存密文的文件，然后逆转这一过程。

Save the ciphertext to the file, and reverse the process when reading the file.

登录内容

这不会阻止用户编辑文件或查看其内容（但你不在乎，一个高得分不是秘密的），但你将能够如果与它篡改用户检测。

This will not prevent the user from editing the file or seeing its content (but you don't care, an high-score is not secret) but you'll be able to detect if the user tampered with it.

var key = Encoding.UTF8.GetBytes("My secret key");
using (var algorithm = new HMACSHA512(key))
{
    var payload = Encoding.UTF8.GetBytes("Hello, world.");
    var binaryHash = algorithm.ComputeHash(payload);
    var stringHash = Convert.ToBase64String(binaryHash);
}

读文件时保存这两个有效载荷和文件中的散列，然后检查保存的哈希值相匹配的新计算的。您的密钥必须保密。

Save both the payload and the hash in the file, then when reading the file check if the saved hash matches a newly computed one. Your key must be kept secret.

加密内容

利用.NET的加密库，以保存之前对内容进行加密和读取文件时进行解密。

Leverage .NET's cryptographic libraries to encrypt the content before saving it and decrypt it when reading the file.

请看看下面的例子用一粒盐，花适当的时间来了解一切实现它之前做（是的，你会使用它的一个微不足道的原因，但将来你 - 或其他人 - 可能不会）。交你如何生成IV和关键的特别关注。

Please take the following example with a grain of salt and spend due time to understand what everything does before implementing it (yes, you'll be using it for a trivial reason, but future you — or someone else — may not). Pay special attention on how you generate the IV and the key.

// The initialization vector MUST be changed every time a plaintext is encrypted.
// The initialization vector MUST NOT be reused a second time.
// The initialization vector CAN be saved along the ciphertext.
// See https://en.wikipedia.org/wiki/Initialization_vector for more information.
var iv = Convert.FromBase64String("9iAwvNddQvAAfLSJb+JG1A==");

// The encryption key CAN be the same for every encryption.
// The encryption key MUST NOT be saved along the ciphertext.
var key = Convert.FromBase64String("UN8/gxM+6fGD7CdAGLhgnrF0S35qQ88p+Sr9k1tzKpM=");

using (var algorithm = new AesManaged())
{
    algorithm.IV = iv;
    algorithm.Key = key;

    byte[] ciphertext;

    using (var memoryStream = new MemoryStream())
    {
        using (var encryptor = algorithm.CreateEncryptor())
        {
            using (var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
            {
                using (var streamWriter = new StreamWriter(cryptoStream))
                {
                    streamWriter.Write("MySuperSecretHighScore");
                }
            }
        }

        ciphertext = memoryStream.ToArray();
    }

    // Now you can serialize the ciphertext however you like.
    // Do remember to tag along the initialization vector,
    // otherwise you'll never be able to decrypt it.

    // In a real world implementation you should set algorithm.IV,
    // algorithm.Key and ciphertext, since this is an example we're
    // re-using the existing variables.
    using (var memoryStream = new MemoryStream(ciphertext))
    {
        using (var decryptor = algorithm.CreateDecryptor())
        {
            using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
            {
                using (var streamReader = new StreamReader(cryptoStream))
                {
                    // You have your "MySuperSecretHighScore" back.
                    var plaintext = streamReader.ReadToEnd();
                }
            }
        }
    }
}

这篇关于让.txt文件不可读/不可编辑的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！