Quick Links: Download Gideros Studio | Gideros Documentation | Gideros Development Center | Gideros community chat
Encrypting save games, purchases etc... - Gideros Forum

Encrypting save games, purchases etc...

AstirianAstirian Member
edited May 2017 in General questions
Hey guys,

I'm looking at encrypting stuff before putting it into app.txt using the dataSaver then decrypting upon loading for internal logic. Would something like the following work securely?:
KEY = "somerandom16str?"
local ship1Status = "unlocked"
ship1Status = Cryptography.aesEncrypt(ship1Status, KEY)
dataSaver.saveValue("ship1Status", ship1Status)
*** Time Passes, People Do Stuff ***
local ship1Status = dataSaver.loadValue("ship1Status")
actualShip1Status = Cryptography.aesDecrypt(ship1Status, KEY)
print(actualShip1Status) -- unlocked


  • talistalis Guru
    edited May 2017 Accepted Answer
    Here the question rises;
    -According to whom and for which kind of data is it enough?

    For sensitive personal data like credit card information or some other data of course it will be not enough, but again in security topic there is no limit called "Enough" , as hackers will always continue to discover new vulnerabilities and new methods .

    For saved games and other kinds of not sensitive things, each level of security make it harder for 3rd parties to discover it but that's it.. Every layer of security will better than nothing or less layers.

    In addition to that with a little effort you can use some small tricks to enhance your security like;

    -Generate a hash code of file on close and save it in another file with again encryption also. In every opening of your program check with this hash if your file has been altered or not. Again you can compare the sizes in addition just to be sure in case of altered hash code.
    -In data file try to use a little bit not open variable names like "HP", "Agility" so for the people who can alter it it will not be so obvious what to change.
    -Try to use dependent and calculated fields. So in the calculations you can double check and find any inconsistencies easily.
    -If you want to carry it one more step away you can use two way encryption model with a server. With a server in addition you can keep the track of changes in your server also.

    As a result,

    There is a thin line between becoming paranoid and careless.
    No need to be paranoid hence there will be never ever enough security. Need to analyze the requirements so much carefully though and separate the sensitive and not sensitive data, after it need to choose the security model.


    Likes: Astirian, bali001

    +1 -1 (+2 / -0 ) Share on Facebook
  • There was another topic about this subject i forget to add it:

    Likes: Astirian

    +1 -1 (+1 / -0 ) Share on Facebook
  • Awesome, thank you. :)

    I could probably mix both the hex encryption and AES, I think that would be sufficient. :D
Sign In or Register to comment.