Sign in to follow this  
CodeMachine

[java] How to "encrypt" a XML-file?

Recommended Posts

Hi I have an XML-file which holds highscores for a game of mine. I now want the user to be unable to changes this higscore list manually. How do you best solve this problem? 1. "Encrypt" the XML-file? 2. Save a check-sum in the XML-file? / Kind Regards [Edited by - CodeMachine on October 5, 2006 3:09:53 PM]

Share this post


Link to post
Share on other sites
I would go with option 2), maybe like this :


1. create your empty .xml high-score file, and calculate a md5() of the empty contents (just the nodes , default hiscore names, maybe without the processing instruction).

2. Store the md5() hash inside a node in the .xml file once you calculate it.

3. When it comes time to save the highscore list within your game

3.1. open the .xml and read the md5() hash node
3.2. replace the md5() hash node content with empty string and precalc the md5() of the xml file
3.3. compare the two hash codes, and resest the high-score files if they don't mach.
3.4. if they match then just save the new scores, precalc the md5() hash , refresh the md5 node content and save the .xml file

This should do it ! :)

Share this post


Link to post
Share on other sites
Alternatively, you can use any encryption scheme you want on the xml data, and then base64 encode the encrytped data.

To read it back, simply convert from base64 to the encrypted data and unencrypt.

The reason for the base 64 encoding is that XML forbids characters greater then a certain value, so that is the easiet way around the problem. Keep in mind that your files will more or less double in size....

Share this post


Link to post
Share on other sites
More simply, why bother. The only person that will see the high scores is the person owning the computer. Maybe a couple of friends. Unless you are having some sort of competition, then it is really a waste of time. And if you are having a competition, you should use a high score server instead.

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
If you do not want the user to be able to edit the file, you might consider just not using a file format that is so easy to edit. It seems that this is a case where XML is not well suited to the job. You could just as easily use a binary file, and not have to worry overmuch about the user changing the highscores. In fact, it seems like it would be far easier than encrypting the file or mucking about with base64.

Share this post


Link to post
Share on other sites
The reason I am using XML is because it's very easy to retrieve/sort/add/edit data using XPath/DOM.
I think I have to calculate a CRC32 or something for all the nodes in the XML-file, and store this CRC-value in a separate node.

Share this post


Link to post
Share on other sites
Quote:
Original post by Hard Rock
Alternatively, you can use any encryption scheme you want on the xml data, and then base64 encode the encrytped data.

To read it back, simply convert from base64 to the encrypted data and unencrypt.

The reason for the base 64 encoding is that XML forbids characters greater then a certain value, so that is the easiet way around the problem. Keep in mind that your files will more or less double in size....


I"m not sure why the need for the base64 encoding after the encryption. If you encrypt your xml then its no longer xml so you don't need to worry about the base64 encoding.

The only exception I can think of is perhaps you meant only encrypt part of the file??

Cheers
Chris

Share this post


Link to post
Share on other sites
Quote:
Original post by CodeMachine
I think I have to calculate a CRC32 or something for all the nodes in the XML-file, and store this CRC-value in a separate node.


Well, that's exactly what I said , some posts above.

Load your Xml into the DOM, take the text of the parent node ( I think there was a method for getting the raw data of a parent node). Calculate some hash function of that data ( maybe use MD5 ) and store that inside a node in the Xml.

An example...

Suppose initialy you have


<?xml version="1.0"?>
<root>
<hiscores>
<user name="name1" score="1000"/>
<user name="name2" score="7000"/>
</hiscores>
<hash code="" />
</root>





After loading and calculating the parent (<root> node) data, you store the hash key inside the <hash> node


<?xml version="1.0"?>
<root>
<hiscores>
<user name="name1" score="1000"/>
<user name="name2" score="7000"/>
</hiscores>
<hash code="9e107d9d372bb6826bd81d3542a419d6" />
</root>





Then whithin the game, you load again the Xml document into the DOM, get all that parent (node <root>) data, and replace the <hash code=...." /> with emtpy string , so <hash code="" /> and calcualte the hash again. If it is the same as the stored value, then the user *has not* changed the file !

Share this post


Link to post
Share on other sites
One more thing - I don't know what Xml parser are you using , but
if you are using MSXML, mind that it has the bad habbit to convert
tag forms.
I mean if you have
<hash code="..." ></hash> it might become <hash code="..." />, after you load it into the DOM. I suppose this could affect the hash calculations.

I'm not exactly sure, better you check this ;)

Cheers!

Share this post


Link to post
Share on other sites
Quote:

I"m not sure why the need for the base64 encoding after the encryption. If you encrypt your xml then its no longer xml so you don't need to worry about the base64 encoding.

The only exception I can think of is perhaps you meant only encrypt part of the file??

Sorry, I guess i wasn't clear. You could do it that way, but all i recommended encrypting was the actual information inside the nodes, not the entire XML document. This way base64 is necessary,as there is a possibility that the encrpyted data has illegal characters for the XML document.

Quote:

One more thing - I don't know what Xml parser are you using , but
if you are using MSXML, mind that it has the bad habbit to convert
tag forms.
I mean if you have
<hash code="..." ></hash> it might become <hash code="..." />, after you load it into the DOM. I suppose this could affect the hash calculations.

I'm not exactly sure, better you check this ;)

Cheers!


Well um, considering it's the java forum, its probably most likely the java parser...

Allthough google shows that MSXML has indeed been ported to Java interestingly enough.

Share this post


Link to post
Share on other sites
Hello Pro-Xex.

Now I've implemented the MD5 security check.
I'm using JDOM (http://www.jdom.org) to save the XML-file in memory. I chose
this one instead of "org.w3c.dom" which I used before, because I think JDOM is
better? :)

I think it's easier to use XPath too with JDOM.
Is JDOM one of the best to use? I've seen "DOM4J" (http://www.dom4j.org) too.

Alrighty then.
Now I have my XML-file loaded into an org.jdom.Document object. To calculate
the MD5 hash-value I get (as you said) the text-content. First I tried with:
- document.getDocumentRoot().getText();
but it didn't return the nodes correctly. I don't know why??? I get an empty string.

Instead, I saved the document to a String using org.jdom.output.XMLOutputter:

StringWriter stringWriter = new StringWriter();
new XMLOutputter().output(document, stringWriter);





Doing this I get the whole document as text.
Now I calculate the MD5-hash value as you said, and it works fine!

Btw, the parser saves the "hash" node as:
<hash value="" />

/ Kind Regards

Share this post


Link to post
Share on other sites
If you just want to encrypt the file, why not use simple algorithms? I know that wikipedia also some info on some techniques (Caesarean is basic). It sounds like you're trying to protect some super-secret government thing, just gamers who want to make it look they did better than they really did.

I did some basic encryption for a tabbed-notepad-like program a couple of months ago. I used the following:


public interface Cipher
{
String encrypt(String in);
String decrypt(String in, Object key);
}




Then tried out several different algorithms from this. Granted, it's not very sophisticated and probably a cake-walk for dedicated professions to break. However, it would suit your purposes. Encrypt the file when writing it, and decrypt it as you parse it. I'm not sure how this would fit in with your parser, however.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this