# [java] How to "encrypt" a XML-file?

## Recommended Posts

Hi I have an XML-file which holds highscores for a game of mine. I now want the user to be unable to changes this higscore list manually. How do you best solve this problem? 1. "Encrypt" the XML-file? 2. Save a check-sum in the XML-file? / Kind Regards [Edited by - CodeMachine on October 5, 2006 3:09:53 PM]

##### Share on other sites
I would go with option 2), maybe like this :

1. create your empty .xml high-score file, and calculate a md5() of the empty contents (just the nodes , default hiscore names, maybe without the processing instruction).

2. Store the md5() hash inside a node in the .xml file once you calculate it.

3. When it comes time to save the highscore list within your game

3.1. open the .xml and read the md5() hash node
3.2. replace the md5() hash node content with empty string and precalc the md5() of the xml file
3.3. compare the two hash codes, and resest the high-score files if they don't mach.
3.4. if they match then just save the new scores, precalc the md5() hash , refresh the md5 node content and save the .xml file

This should do it ! :)

##### Share on other sites
Alternatively, you can use any encryption scheme you want on the xml data, and then base64 encode the encrytped data.

To read it back, simply convert from base64 to the encrypted data and unencrypt.

The reason for the base 64 encoding is that XML forbids characters greater then a certain value, so that is the easiet way around the problem. Keep in mind that your files will more or less double in size....

##### Share on other sites
More simply, why bother. The only person that will see the high scores is the person owning the computer. Maybe a couple of friends. Unless you are having some sort of competition, then it is really a waste of time. And if you are having a competition, you should use a high score server instead.

##### Share on other sites
Quote:
 Original post by CaptainJesterMore simply, why bother.

Now I DO want this kind of security, else I would NOT have posted my question.

##### Share on other sites

Hard Rock, is there a good tutorial out there?
Or maybe you have time to construct an example? :)

/ Kind Regards

##### Share on other sites
Well, there are a lot of places you can get info about base64, not so hard really ;)

##### Share on other sites
The thing is that I want to:
1. Read XML file (to a Document object).
2. Decrypt the Document object.
3. Make changes (XPath/DOM).
4. Encrypt it.
5. Save it to file.

/ Kind Regards

##### Share on other sites
If you do not want the user to be able to edit the file, you might consider just not using a file format that is so easy to edit. It seems that this is a case where XML is not well suited to the job. You could just as easily use a binary file, and not have to worry overmuch about the user changing the highscores. In fact, it seems like it would be far easier than encrypting the file or mucking about with base64.

##### Share on other sites
The reason I am using XML is because it's very easy to retrieve/sort/add/edit data using XPath/DOM.
I think I have to calculate a CRC32 or something for all the nodes in the XML-file, and store this CRC-value in a separate node.

##### Share on other sites
Quote:
 Original post by Hard RockAlternatively, you can use any encryption scheme you want on the xml data, and then base64 encode the encrytped data.To read it back, simply convert from base64 to the encrypted data and unencrypt.The reason for the base 64 encoding is that XML forbids characters greater then a certain value, so that is the easiet way around the problem. Keep in mind that your files will more or less double in size....

I"m not sure why the need for the base64 encoding after the encryption. If you encrypt your xml then its no longer xml so you don't need to worry about the base64 encoding.

The only exception I can think of is perhaps you meant only encrypt part of the file??

Cheers
Chris

##### Share on other sites
If there is an encrypt-solution, I meant encryption of the entire file.

##### Share on other sites
Quote:
 Original post by CodeMachineI think I have to calculate a CRC32 or something for all the nodes in the XML-file, and store this CRC-value in a separate node.

Well, that's exactly what I said , some posts above.

Load your Xml into the DOM, take the text of the parent node ( I think there was a method for getting the raw data of a parent node). Calculate some hash function of that data ( maybe use MD5 ) and store that inside a node in the Xml.

An example...

Suppose initialy you have

<?xml version="1.0"?><root><hiscores><user name="name1" score="1000"/><user name="name2" score="7000"/></hiscores><hash code="" /></root>

After loading and calculating the parent (<root> node) data, you store the hash key inside the <hash> node

<?xml version="1.0"?><root><hiscores><user name="name1" score="1000"/><user name="name2" score="7000"/></hiscores><hash code="9e107d9d372bb6826bd81d3542a419d6" /></root>

Then whithin the game, you load again the Xml document into the DOM, get all that parent (node <root>) data, and replace the <hash code=...." /> with emtpy string , so <hash code="" /> and calcualte the hash again. If it is the same as the stored value, then the user *has not* changed the file !

##### Share on other sites
Hi Pro-Xex!

Yes, I know you mentioned that solution above. :)
That solution seems to be the easiest one.
Thank you

/ Kind Regards

##### Share on other sites
One more thing - I don't know what Xml parser are you using , but
if you are using MSXML, mind that it has the bad habbit to convert
tag forms.
I mean if you have
<hash code="..." ></hash> it might become <hash code="..." />, after you load it into the DOM. I suppose this could affect the hash calculations.

I'm not exactly sure, better you check this ;)

Cheers!

##### Share on other sites
I will :)
Thanks dude for the information.
I'll come back with a result - wheather I succeed or not. :)

/ Kind Regards

##### Share on other sites
Quote:
 I"m not sure why the need for the base64 encoding after the encryption. If you encrypt your xml then its no longer xml so you don't need to worry about the base64 encoding. The only exception I can think of is perhaps you meant only encrypt part of the file??

Sorry, I guess i wasn't clear. You could do it that way, but all i recommended encrypting was the actual information inside the nodes, not the entire XML document. This way base64 is necessary,as there is a possibility that the encrpyted data has illegal characters for the XML document.

Quote:
 One more thing - I don't know what Xml parser are you using , butif you are using MSXML, mind that it has the bad habbit to converttag forms.I mean if you have it might become , after you load it into the DOM. I suppose this could affect the hash calculations.I'm not exactly sure, better you check this ;)Cheers!

Well um, considering it's the java forum, its probably most likely the java parser...

Allthough google shows that MSXML has indeed been ported to Java interestingly enough.

##### Share on other sites
Hello Pro-Xex.

Now I've implemented the MD5 security check.
I'm using JDOM (http://www.jdom.org) to save the XML-file in memory. I chose
this one instead of "org.w3c.dom" which I used before, because I think JDOM is
better? :)

I think it's easier to use XPath too with JDOM.
Is JDOM one of the best to use? I've seen "DOM4J" (http://www.dom4j.org) too.

Alrighty then.
Now I have my XML-file loaded into an org.jdom.Document object. To calculate
the MD5 hash-value I get (as you said) the text-content. First I tried with:
- document.getDocumentRoot().getText();
but it didn't return the nodes correctly. I don't know why??? I get an empty string.

Instead, I saved the document to a String using org.jdom.output.XMLOutputter:
StringWriter stringWriter = new StringWriter();new XMLOutputter().output(document, stringWriter);

Doing this I get the whole document as text.
Now I calculate the MD5-hash value as you said, and it works fine!

Btw, the parser saves the "hash" node as:
<hash value="" />

/ Kind Regards

##### Share on other sites
If you just want to encrypt the file, why not use simple algorithms? I know that wikipedia also some info on some techniques (Caesarean is basic). It sounds like you're trying to protect some super-secret government thing, just gamers who want to make it look they did better than they really did.

I did some basic encryption for a tabbed-notepad-like program a couple of months ago. I used the following:

public interface Cipher{    String encrypt(String in);    String decrypt(String in, Object key);}

Then tried out several different algorithms from this. Granted, it's not very sophisticated and probably a cake-walk for dedicated professions to break. However, it would suit your purposes. Encrypt the file when writing it, and decrypt it as you parse it. I'm not sure how this would fit in with your parser, however.

##### Share on other sites
you could zip the file.

## Create an account

Register a new account

• ### Forum Statistics

• Total Topics
628362
• Total Posts
2982266

• 10
• 9
• 13
• 24
• 11