统一c#中的加密
本文关键字:加密 统一 | 更新日期: 2023-09-27 17:59:06
我有一个加密和解密脚本,它运行得很好,但我的问题是,它到底有多安全?我使用了另一个来源的一些脚本,并自己添加了盐。我没有将该脚本用于任何需要高安全性的内容,目前只对单个玩家保存游戏数据进行加密。
任何建议或建议也将不胜感激,因为我是加密新手。
提前感谢!
using System;
using UnityEngine;
using System.IO;
using System.Security.Cryptography;
using System.Text;
public static class Crypto
{
private const string saltIndiatior = "MySaltIndacationString"
private const int startSaltLength = 32;
private const int endSaltLength = 32;
public static string RandomString(int length)
{
var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*<>+-=_";
var stringChars = new char[length];
var random = new System.Random();
for (int i = 0; i < stringChars.Length; i++)
{
stringChars[i] = chars[random.Next(chars.Length)];
}
return new String(stringChars);
}
private static string GetSalt(int max)
{
byte[] salt = new byte[max];
RNGCryptoServiceProvider.Create().GetNonZeroBytes(salt);
return UTF8Encoding.UTF8.GetString(salt);
}
/// <summary>
/// Encrypts a message
/// </summary>
/// <param name="toEncrypt">plain text to encrypt</param>
/// <param name="key">Length must be 32</param>
/// <returns></returns>
public static string Encrypt(string toEncrypt, string key)
{
string startSalt = RandomString(startSaltLength);
string salt = GetSalt(endSaltLength);
byte[] keyArray = UTF8Encoding.UTF8.GetBytes(key);
// 256-AES key
byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(startSalt + saltIndiatior + "{" + salt.Length + "}" + toEncrypt + salt);
RijndaelManaged rDel = new RijndaelManaged();
rDel.Key = keyArray;
rDel.Mode = CipherMode.ECB;
rDel.Padding = PaddingMode.PKCS7;
// better lang support
ICryptoTransform cTransform = rDel.CreateEncryptor();
byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
return Convert.ToBase64String(resultArray, 0, resultArray.Length);
}
/// <summary>
/// Decrypts a message
/// </summary>
/// <param name="toDecrypt">encrypt</param>
/// <param name="key"></param>
/// <returns></returns>
public static string Decrypt(string toDecrypt, string key)
{
Debug.Log("Decrypting::" + toDecrypt);
byte[] keyArray = UTF8Encoding.UTF8.GetBytes(key);
// AES-256 key
byte[] toEncryptArray = Convert.FromBase64String(toDecrypt);
RijndaelManaged rDel = new RijndaelManaged();
rDel.Key = keyArray;
rDel.Mode = CipherMode.ECB;
rDel.Padding = PaddingMode.PKCS7;
// better lang support
ICryptoTransform cTransform = rDel.CreateDecryptor();
byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
string decoded = UTF8Encoding.UTF8.GetString(resultArray);
Debug.Log("0(decoded)::" + decoded);
//Remove 32 char long startSalt
decoded = decoded.Remove(0, startSaltLength);
if (decoded.StartsWith(saltIndiatior))
{
string saltSize = decoded.Substring(0, 1 + decoded.IndexOf("}"));
Debug.Log("1 (salt Indicator):: " + saltSize);
int saltLength = int.Parse(saltSize.Replace(saltIndiatior, "").Replace("{", "").Replace("}", ""));
Debug.Log("2(saltLength):: " + saltLength);
Debug.Log("3(salt)::" + decoded.Substring(decoded.Length - saltLength, saltLength));
decoded = decoded.Remove(0, saltSize.Length);
if (saltLength > 0)
{
decoded = decoded.Remove(decoded.Length - saltLength, saltLength);
}
Debug.Log("Finished:: " + decoded);
return decoded;
}
else
{
Debug.LogError("ERROR: could not decrypt properly");
return decoded;
}
}
}
这取决于你在玩什么类型的游戏。如果这是一个离线游戏,并且你把盐存储在玩家的电脑上,那就不那么安全了。一开始可能有点难发现,但一旦发现,就等于没有加密。
如果你不想让玩家修改他们的保存数据,最安全的方法是在你的服务器上托管它们。然而,我建议你不需要担心保存数据,如果它只是一个离线游戏。让玩家为所欲为,如果游戏崩溃,那就是他们的问题。