在C＃中的加密密钥保护 [英] encryption key protection in C#

问题描述

有没有解决如下问题的行业标准：

故事;我有保存它的状态（=>水平，..）在一个XML文件的程序（=>游戏）;这种状态不应该是用户可编辑的;我想阻止他人编写的补丁软件，它可以修补我的XML和放大器;程序的状态。

您想保护您的XML文件。您可以通过加密做到这一点。但是你怎么用钥匙怎么办？

由于有人可以永远只是反向工程（打开你的DLL）连接读取键...？

 公共静态字符串加密（字符串toEncrypt）
 {
字节[] = keyArray UTF8Encoding.UTF8.GetBytes（12345678901234567890123456789012） ; 
 // 256-AES密钥
字节[] = toEncryptArray UTF8Encoding.UTF8.GetBytes（toEncrypt）; 
 RijndaelManaged的RDEL =新RijndaelManaged的（）; 
 rDel.Key = keyArray; 
 rDel.Mode = CipherMode.ECB; 
 // http://msdn.microsoft.com/en-us/library/system.security.cryptography.ciphermode.aspx 
 rDel.Padding = PaddingMode.PKCS7; 
 //更好的支持郎
 ICryptoTransform的cTransform = rDel.CreateEncryptor（）; 
字节[] = resultArray cTransform.TransformFinalBlock（toEncryptArray，0，toEncryptArray.Length）; 
返回Convert.ToBase64String（resultArray，0，resultArray.Length）; 
} 
 
公共静态字符串解密（字符串toDecrypt）
 {
字节[] = keyArray UTF8Encoding.UTF8.GetBytes（12345678901234567890123456789012）; 
 // AES-256键
字节[] = toEncryptArray Convert.FromBase64String（toDecrypt）; 
 RijndaelManaged的RDEL =新RijndaelManaged的（）; 
 rDel.Key = keyArray; 
 rDel.Mode = CipherMode.ECB; 
 // http://msdn.microsoft.com/en-us/library/system.security.cryptography.ciphermode.aspx 
 rDel.Padding = PaddingMode.PKCS7; 
 //更好的支持郎
 ICryptoTransform的cTransform = rDel.CreateDecryptor（）; 
字节[] = resultArray cTransform.TransformFinalBlock（toEncryptArray，0，toEncryptArray.Length）; 
返回UTF8Encoding.UTF8.GetString（resultArray）; 
} 
  

编辑：应用程序是100％的客户端

解决方案

我有保存它的状态（=>水平，..）在一个XML文件的程序（=>游戏） ;这种状态不应该是用户可编辑的;我想阻止他人编写的补丁软件，它可以修补我的XML和放大器;程序的状态。您可以通过加密做到这一点。但是你怎么用钥匙怎么办？因为有人可以永远只是反向工程（打开你的DLL）和阅读的关键。

您已经产生了令人信服的论据，你想要什么做是不可能的。你的说法是正确的。

安全系统的目的是保护的用户的距离的攻击者的，而不是保护的用户的数据的距离的用户本身的。

想想这样说：本场比赛是可编辑状态的程序。用户可以运行游戏。 因此，用户可以运行一个程序，可以编辑状态即可。你甚至都不需要考虑密钥管理，因为整个方案是根本不可能的。你不能既要求的用户能够运行一个程序，改变了国家的，并在同一时间禁止它的。

如果你真的想在游戏状态下保护用户则拥有给予的东西是：用户不能被允许运行游戏。相反，本场比赛必须的运行你自己的的服务器，用户运行的客户的它与服务器通信。该服务器然后确定客户端是否为敌对与否，并确定游戏状态是负责任的。

由于游戏是现在你自己的服务器上运行和保存状态，以你自己的服务器上，你知道用户是不会编辑状态，因为的他们不能运行一个程序，它这样做的

Is there an industry standard for solving following problem:

Story; I have a program (=>game) that saves it state (=>level,..) in an xml file; this state should not be user editable; and I want to prevent people writing patch software that can patch my xml & program state.

You want to protect your xml file. You can do this by encrypting. However what do you do with the key?

Because someone can always just reverse engineer (open your dll) en read the key...?

public static string Encrypt (string toEncrypt)
{
 byte[] keyArray = UTF8Encoding.UTF8.GetBytes ("12345678901234567890123456789012");
 // 256-AES key
 byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes (toEncrypt);
 RijndaelManaged rDel = new RijndaelManaged ();
 rDel.Key = keyArray;
 rDel.Mode = CipherMode.ECB;
 // http://msdn.microsoft.com/en-us/library/system.security.cryptography.ciphermode.aspx
 rDel.Padding = PaddingMode.PKCS7;
 // better lang support
 ICryptoTransform cTransform = rDel.CreateEncryptor ();
 byte[] resultArray = cTransform.TransformFinalBlock (toEncryptArray, 0, toEncryptArray.Length);
 return Convert.ToBase64String (resultArray, 0, resultArray.Length);
}

public static string Decrypt (string toDecrypt)
{
 byte[] keyArray = UTF8Encoding.UTF8.GetBytes ("12345678901234567890123456789012");
 // AES-256 key
 byte[] toEncryptArray = Convert.FromBase64String (toDecrypt);
 RijndaelManaged rDel = new RijndaelManaged ();
 rDel.Key = keyArray;
 rDel.Mode = CipherMode.ECB;
 // http://msdn.microsoft.com/en-us/library/system.security.cryptography.ciphermode.aspx
 rDel.Padding = PaddingMode.PKCS7;
 // better lang support
 ICryptoTransform cTransform = rDel.CreateDecryptor ();
 byte[] resultArray = cTransform.TransformFinalBlock (toEncryptArray, 0, toEncryptArray.Length);
 return UTF8Encoding.UTF8.GetString (resultArray);
}

edit: app is 100% client side.

解决方案

I have a program (=>game) that saves it state (=>level,..) in an xml file; this state should not be user editable; and I want to prevent people writing patch software that can patch my xml & program state. You can do this by encrypting. However what do you do with the key? Because someone can always just reverse engineer (open your dll) and read the key.

You have produced a convincing argument that what you want to do is impossible. Your argument is correct.

Security systems are designed to protect users from attackers, not to protect the user's data from the users themselves.

Think about it this way: the game is a program that can edit the state. The user can run the game. Therefore the user can run a program that can edit the state. You don't even need to consider key management because the entire scenario is fundamentally impossible. You can't both require that the user be able to run a program that changes the state and forbid it at the same time.

If you really want the game state to be protected from the user then the thing that has to give is: the user must not be allowed to run the game. Instead the game must run on a server which you own, and the user runs a client which communicates with the server. The server is then responsible for determining whether the client is hostile or not, and determining what the game state is.

Since the game is now running on a server that you own, and saving the state to a server which you own, you know that the user is not going to edit the state because they cannot run a program which does so.

这篇关于在C＃中的加密密钥保护的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！