Writing secure data to a protected file



  • Hello everyone,
    I was making an application today and noticed that i only can save files like this localy

    QByteArray txtBuffer = "txtdata";
    QFile file("file.txt");
    if (file.open(QIODevice::WriteOnly))
    {
    	file.write(txtBuffer);
    	qInfo() << "[Info] Txt has been written to the disk";
    }
    file.close();
    

    and read it like this

    QByteArray txtBuffer;
    QFile file("file.txt");
    if (file.open(QIODevice::ReadOnly))
    {
    	txtBuffer = file.readAll();
    	qInfo() << "[Info] Txt has been read from the disk";
    }
    file.close();
    

    but what if that data isn't that stupid like "txtdata" but something more like progress in a game, how to save this? I could do it like this but then the player can just alter the progress in the game with a text-editor so it has more abilities or something like that. I would like to prevent this by writing to a protected location or a password-protected file, especially on Android. What is the right approach?


  • Moderators

    Hi! One simplistic approach that comes to my mind: Once you want to save the contents to your file.txt, take this content, append a secret string to it and compute a hash over everything. Then save the content (without the secret, of course) to a file. Also save the computed hash to another file. Next time, your application reads the two files, recomputes the hash and checks if they match.


  • Lifetime Qt Champion

    Hi,

    Thinking of something like encrypting that file ?

    The CryptFileDevice project might be of interest.



  • @Maxim-DC

    but what if that data isn't that stupid like "txtdata" but something more like progress in a game, how to save this?

    Another approach for this could be QSettings with a custom format. You could set a reader and a writer function that writes encrypted data into a file.

    
    QSettings::Format newformat = QSettings::registerFormat("cnf",read,write);
    settings = new QSettings("cnf/u.cnf",newformat);
    
    bool read(QIODevice &dev,QSettings::SettingsMap &map) {
       //your code goes here 
       return true;
    }
    
    bool write(QIODevice &dev,const QSettings::SettingsMap &map) {
       //your code goes here
      return true;
    }
    

    For not so strong encryption you could use Simple Crypt in your read and write functions


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.