Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

Writing secure data to a protected file



  • Hello everyone,
    I was making an application today and noticed that i only can save files like this localy

    QByteArray txtBuffer = "txtdata";
    QFile file("file.txt");
    if (file.open(QIODevice::WriteOnly))
    {
    	file.write(txtBuffer);
    	qInfo() << "[Info] Txt has been written to the disk";
    }
    file.close();
    

    and read it like this

    QByteArray txtBuffer;
    QFile file("file.txt");
    if (file.open(QIODevice::ReadOnly))
    {
    	txtBuffer = file.readAll();
    	qInfo() << "[Info] Txt has been read from the disk";
    }
    file.close();
    

    but what if that data isn't that stupid like "txtdata" but something more like progress in a game, how to save this? I could do it like this but then the player can just alter the progress in the game with a text-editor so it has more abilities or something like that. I would like to prevent this by writing to a protected location or a password-protected file, especially on Android. What is the right approach?



  • Hi! One simplistic approach that comes to my mind: Once you want to save the contents to your file.txt, take this content, append a secret string to it and compute a hash over everything. Then save the content (without the secret, of course) to a file. Also save the computed hash to another file. Next time, your application reads the two files, recomputes the hash and checks if they match.


  • Lifetime Qt Champion

    Hi,

    Thinking of something like encrypting that file ?

    The CryptFileDevice project might be of interest.



  • @Maxim-DC

    but what if that data isn't that stupid like "txtdata" but something more like progress in a game, how to save this?

    Another approach for this could be QSettings with a custom format. You could set a reader and a writer function that writes encrypted data into a file.

    
    QSettings::Format newformat = QSettings::registerFormat("cnf",read,write);
    settings = new QSettings("cnf/u.cnf",newformat);
    
    bool read(QIODevice &dev,QSettings::SettingsMap &map) {
       //your code goes here 
       return true;
    }
    
    bool write(QIODevice &dev,const QSettings::SettingsMap &map) {
       //your code goes here
      return true;
    }
    

    For not so strong encryption you could use Simple Crypt in your read and write functions


Log in to reply