Okay, well, here's the full situation: I and a group of others are working
on an open source game.
Since it's open source, the code is publicly available. For reasons that are
more complex than I'd want to go in here, a freely available client would be
modifiable such that someone could create a client that makes it easy for
the user to cheat in the game.
To avoid this, we will create builds of both clients and servers that are
"certified" . It's this "certificat ion" that we're not entirely sure how to
go about at this point.
There are basically two things that need to happen.
The first is that all communications between the client and server must be
securely encrypted, as cheating could be managed by proxying the
communications and manipulating the data exchanged between clients and
servers.
The second is that the server needs to be sure that the client is the
"certified" client and not some application pretending to be the certified
client. By certified, we mean that the client is an unmodified version of
the build that we've produced.
Now, I don't want to confuse the issue. There are ways around cheating by
controlling the information that goes to the client, but for network
performance reasons, this isn't really feasible, and that's the issue that's
more complex than I'd like to go into in detail. So, let's just assume that
isn't an option, because frankly, it just isn't.
Now, if we can handle the second issue, that is, convicing the server that
the client is an unmodified version of the build we've created, then we can
easily manage the first issue.
I understand what you're saying. By very definition, the public key is
public, so any solution that relies on the public key being secure is
obviously not going to work..
I think the solution you originally offered, which is to obfuscate the build
and using string encryption to encrypt the key internally, we might be able
to make things fairly secure. We're not dealing with bank or credit data
here, so 100% security isn't essential. What's more important is simply that
security is tight enough that it's more trouble than it's worth to try to
crack the security. After all, it's just a game. But you will get the
occasional hacker who's going to make a pretty good try at cracking it, so
security has to be pretty good.
We do want to allow for an unencrypted version of the client and server to
be available so that people can test and develop extensions to the game, but
we want to be able to secure our official releases.
"William Stacey [MVP]" <st***********@ mvps.org> wrote in message
news:ee******** ******@TK2MSFTN GP11.phx.gbl...
Server sends unencrypted data to client. Server encrypts a local copy
and stores the encrypted copy.
Client encrypts data and sends the encrypted data back to server.
Server compares the two encrypted copies of the data. If they match, client has proper SN key.
Not sure what your trying to protect or do here, but I don't think the two
way conversation is required here. The client could just encrypt some
data using Rijndael and encrypt the session key using server's public key. The
server can then decrypt the Rijndael key using private key. As a public
key is public, anyone can send data to server this way if they can figure out
what is going on.
--
William Stacey, MVP
http://mvp.support.microsoft.com