I have searched around for the best methods for encryption in terms of what ciphers to use, methods/etc. I'v decided on using 128Bit AES for the time being. My question lies more in what method is best for encrypting various types of data. In my example, this is for a small game I am making that has map data and associated image data.
I can save the data in any format, but would prefer something simple to read (when un-encrypted). Should I actually save this to the file itself, or should I change the file itself in some way?
Likewise in terms of the image files associated to the game that are saved as PNG or BMP files, any recommendations on how to encrypt those on top of the rest of the files?
My current method for the game data is to just encrypt it in singular lines - and have it load from a file line-by-line. Each line formatting to a different data value to be put into the system (e.g. load part of a map, maybe some item data, etc). Is there a better/faster method of accomplishing this that I may not have found yet?
I was also wondering about actually taking the entire class with the data saved and serializing it - then encrypting it. That way I could load the entire thing in one go straight into a class. Would this be a reasonable idea?
For the images: you can read them using a CipherInputStream / CipherOuputStream. Note that at least older Java versions ignored padding errors for CipherInputStream.
You cannot directly encrypt to lines as the output of a cipher is binary. So you need to encode (using e.g. Base64) if you want to store the result as lines. You may ask yourself if you want things like game data to be in text. I would recommend CBC mode with random IV prefixed to the ciphertext.
If the data is serializable then serializing data could be an option. Personally I'm not a huge fan of serialization in Java due to the many pitfalls. But yes, you can certainly encrypt serialized data easily, it's binary after all.
Related
I am extremely interested in writing a data compression library of my own. All my Google searches turn up results where people are saying "Just use the included Java libraries." That is not what I am looking for.
For instance, I have written a Java application that takes in an image file, conducts mathematical compression on it, and writes it to a file. Once I attempt to uncompress the file, I am not able to view the image. In fact, the uncompressed file is slightly smaller in size than the original image.
So, my question is, what is the proper way to maintain data integrity throughout the compression process? Let's say, for example, I simply sum the natural logarithms of each byte value. When I take that final value, how can I ensure that I do not lose any data during the reversal process?
I am encrypting some data from codeigniter using Encrypt class and this will be send to a java program and need to be decoded there.
php code:
$this->load->library('encrypt');
$this->encrypt->set_key(SERVER_ENCRYPT_KEY);
$this->encrypt->set_mode(MCRYPT_MODE_CFB);
$this->data = $this->encrypt->encode($this->input->post('data'));
where SERVER_ENCRYPT_KEY is the key.
I found this: MCrypt for Java but I could not make it work.
There are other libs that can do this? or maybe an example how to do this using the java version of MCrypt.
Take a look in the CI_Encrypt class. In addition to calling the mcrypt library, it does various non standard things. As an example it runs encrypted data through an own invented _add_cipher_noise method. Also, it seems that the encrypted format have changed with different versions - indicating that this could happen again.
If you are going to use the encrypted data outside codeignite you should not use what looks like codeignites own packaging of mcrypt encrypted data.
I decided to avoid CI_Encrypt and use this PHP-Java-AES-Encrypt with small changes: add noise and use 2 types of keys. Also I build a tool to convert the old encrypted data to the new format.
What I am doing is making a console blackjack for fun. I want to save the money so users can play day by day but I don't want to save it in a text file where the user can easily change the amount as they please.
I already thought of making a hidden file or a encrypted file with a password but I don't like that. I want it to be sort of like when you open some random dll file, all you see is gibberish that you can't understand.
A bulletproof way to prevent users from tampering with their stats is to store stats away from them, on a remote server. This will require users to be online during play, though. OTOH you'd be able to show a ladder of top players and so on.
An encrypted file is probably the best route if you want offline storage. You just need to hide the file properly.
Before modifying the file, read its modification time. After the update, restore the time. The user will have harder time figuring out which file has changed.
Use an innocent file used by your game with a data block inside allowed by format. It could be an XML file storing the encrypted string in a comment. It could be a JPG or PNG file storing the encrypted string in a comment or EXIF section, at a known offset (so you don't need to parse the file). WAV, OGG, MP3 also allow inclusion of non-interpreted data. This is not real steganography when you hide your data inside the actual pixel values and such, and is far easier.
I suppose you understand that a determined cracker with a disassembler and a debugger can crack this scheme. But an average user probably won't bother.
It sounds like you are talking about Steganography, but traditional encryption is probably safer and easier to implement.
You can encrypt the values within the file:
Have a look at: http://dinofilias.com/encrypt.htm
With basic encryption like this as long as the user does not have access to the key, your data is relatively secure.
You can get the effect of having a file that contains gibberish using encryption. Just save the encrypted data as bytes (not converted to ASCII representation). Since the encrypted data can have values between 0x00 and 0xFF, there will be gibberish.
Here is a simple example of how to encrypt text: http://www.exampledepot.com/egs/javax.crypto/desstring.html
I have a very large (around a gigapixel) image I am trying to generate, and so far I can only create images up to around 40 megapixels in a BufferedImage before I get an out of memory error. I want to construct the image piece by piece, then combine the pieces without loading the images into memory. I could also do this by writing each piece to a file, but ImageIO does not support this.
I think JAI can help you build what you want. I would suggest looking at the data structures and streams offered by JAI.
Also, have a look at these questions, might help you with ideas.
How to save a large fractal image with the least possible memory footprint
How to create a big image file from many tiles
Appending to an Image File
You basically want to reverse 2 there.
Good luck with your project ;)
Not a proper solution, just a sketch.
Unpacking a piece of image is not easy when an image is compressed. You can decompress, by an external tool, the image into some trivial format (xpm, uncompressed tiff). Then you could load pieces of this image as byte arrays, because the format is so straightforward, and create Image instances out of these raw data.
I see two easy solutions. Create a custom binary format for your image. For saving, just generate one part at a time, seek() to the appropriate spot in the file, then offload your data. For loading, seek() to the appropriate spot in the file, then load your data.
The other solution is to learn an image format yourself. bmp is uncompressed, but the only easy one to learn. Once learned, the above steps work quite well.
Remember to convert your image to a byte array for easy storage.
If there is no way to do it built into Java (for your sake I hope this is not the case and that someone answers saying so), then you will need to implement an algorithm yourself, just as others have commented here saying so.
You do not necessarily need to understand the entire algorithm yourself. If you take a pre-existing algorithm, you could just modify it to load the file as a byte stream, create a byte buffer to keep reading chunks of the file, and modify the algorithm to accept this data a chunk at a time.
Some algorithms, such as jpg, might not be possible to implement with a linear stream of file chunks in this manner. As #warren suggested, bmp is probably the easiest to implement in this way since that file format just has a header of so many bytes then it just dumps the RGBA data straight out in binary format (along with some padding). So if you were to load up your sub-images that need to be combined, loading them logically 1 at a time (though you could actually multithread this thing and load the next data concurrently to speed it up, as this process is going to take a long time), reading the next line of data, saving that out to your binary output stream, and so on.
You might even need to load the sub-images multiple times. For example, imagine an image being saved which is made up of 4 sub-images in a 2x2 grid. You might need to load image 1, read its first line of data, save that to your new file, release image 1, load image 2, read its first line of data, save, release 2, load 1 to read its 2nd line of data, and so on. You would be more likely to need to do this if you use a compressed image format for saving in.
To suggest a bmp again, since bmp is not compressed and you can just save the data in whatever format you want (assuming the file was opened in a manner which provides random access), you could skip around in the file you're saving so that you can completely read 1 sub-image and save all of its data before moving on to the next one. That might provide run time savings, but it might also provide terrible saved file sizes.
And I could go on. There are likely to be multiple pitfalls, optimizations, and so on.
Instead of saving 1 huge file which is the result of combining other files, what if you created a new image file format which was merely made up of meta-data allowing it to reference other files in a way which combined them logically without actually creating 1 massive file? Whether or not creating a new image file format is an option depends on your software; if you are expecting people to take these images to use in other software, then this would not work - at least, not unless you could get your new image file format to catch on and become standard.
I'm looking for a low-level encryption to write questions/answers for a test/exam application in Java. Both the questions and exam are objects. Basically, I need a way to serialize a object, write it to a file, whilst encrypting everything so no one can read the question/answers without my program.
I've heard of Protocol Buffers (http://code.google.com/apis/protocolbuffers/docs/javatutorial.html), but not sure if there is something newer/better out there or if it is the next best thing.
Cheers
-Tanner
You need two steps - serialization/deserialization, which converts an object to a representation which can be stored on disk; and encryption/decryption, which enciphers the on-disk representation.
In Java you can use an ObjectOutputStream to perform the serialization, and a CipherOutputStream to perform the encryption. First obtain a FileOutputStream, then pass that to the constructor of a CipherOutputStream, then pass that to the constructor of an ObjectOutputStream. Then you can just hand your Serializable object(s) to the ObjectOutputStream, and they'll end up serialized, encrypted and written to a file. (You will of course need to perform additional setup on at least the CipherOutputStream object, but that's the basic idea).
However, there is a rather large caveat to all of this. The encryption you're doing is no more than obfuscation - if you give someone the encrypted data and a program that can decrypt it, that person has all the information they need to decrypt the data themselves. There's no way to get around this - if your program can decrypt it, then your program can be pulled apart and its secrets found.
Judging from your description of the application, performance is not a concern. So a solution that serializes to XML (e.g. using XStream) and then encrypts the XML would be satisfy your requirements.
However, I should warn you that there is a significant risk that student with sufficient incentive could hack your encryption. I can think of only ways you can guard against this:
don't store the encrypted data on the user's machine at all, or
use an asymmetric cipher and don't ever do any decryption on the user's machine.
If you cannot do one or the other, your application is vulnerable. Hacking it is not quite as simple as reading the files with a text editor, but it is not all that hard either ... even if you feed the application through an JAR file obfuscator.