Simple Security (ssk.security.*)

This library gives you security without using heavy-weight and restricted encryption technologies.

The purpose of this module is to make it difficult for end-users to read and modify saved files. It is great for obfuscating game settings like score, IAP purchase flags, etc.

This library uses a substitution-cypher to encode and decode strings.

While difficult to crack, this is NOT STRONG security. It should not be used to secure sensitive data.

Security Operations (ssk.security:*)


genKey
encode	decode
saveKey	loadKey
printKeyString	loadKeyFromKeyString
getKeyString

Generating A Key

After exeucuting this code, the security module will be using a new randomly generated key (cypher):


ssk.security.genKey()

Encoding

To encode a string with the current key (cypher) do this:


local origString = "This is a random string 1234567890."

local encodedString = ssk.security.encode( origString )

Now, encodedString contains a obfuscated version of origString.

Decoding

To decode a previously obfuscated string:


local decodedString = ssk.security.decode( encodedString )

Assuming ssk.security was configured with the same key (cypher) used to encode encodedString, decodedString will now contain the original un-encoded string.

Saving A Key

You can save the current key (cypher) to a file with this function:

ssk.security.saveKey( fileName [ , base  ])

fileName - File to save key in.
base (system.DocumentsDirectory) - Base folder for key file.

Example


-- Save current key as file key.json (in system.DocumentsDirectory) 
ssk.security.saveKey( "key.json" )

Restoring A Key

You can restoring a key (cypher) from a key previously stored in a file with this function

ssk.security.loadKey( fileName [ , base  ])

fileName - File to load key from.
base (system.DocumentsDirectory) - Base folder for key file.

Example


-- Load key from file key.json (in system.DocumentsDirectory) 
ssk.security.loadKey( "key.json" )

Assuming ssk.security was configured with the same key (cypher) used to encode encodedString, decodedString will now contain the original un-encoded string.

Embedding A Key

Instead of saving and loading to/from a file, you may find it easier to embed a key right in your app/game code.

To do this, follow these steps:

1. Generate & Print Key

Do this in the simulator:


-- Generate random key
ssk.security.genKey() 

-- Print To Console
ssk.security.printKeyString()

2. Get Key From Console

Look in your console and find a statement like this:

21:20:38.762  'a>bKc=d e.f;goh:ijj]ktlPmzn&olpWqQrFsHtau`v!wSxEyRzsAMB0CCDTE8FUGrHYI6J-KhL[MANcO9PfQ5RnSpTbU@VdW<XZYwZI1}2k3)4g5_6(728O9?0m!i@##V$%%{^y&N*B(v)$_++D-^=4`3~* G,u.x<e>7[1]L{X}~/q?|;J:,|/'

This is the key:

'a>bKc=d e.f;goh:ijj]ktlPmzn&olpWqQrFsHtau`v!wSxEyRzsAMB0CCDTE8FUGrHYI6J-KhL[MANcO9PfQ5RnSpTbU@VdW<XZYwZI1}2k3)4g5_6(728O9?0m!i@##V$%%{^y&N*B(v)$_++D-^=4`3~* G,u.x<e>7[1]L{X}~/q?|;J:,|/'

Copy it (including the start and end tics ') to your cut-copy-paste buffer.

3. Write Code To Load Key String

Now, write this code in main.lua or in your initialization code (be sure to use key in your cut-copy-paste buffer):


-- Paste your key into this variable:
local keyString = 'a>bKc=d e.f;goh:ijj]ktlPmzn&olpWqQrFsHtau`v!wSxEyRzsAMB0CCDTE8FUGrHYI6J-KhL[MANcO9PfQ5RnSpTbU@VdW<XZYwZI1}2k3)4g5_6(728O9?0m!i@##V$%%{^y&N*B(v)$_++D-^=4`3~* G,u.x<e>7[1]L{X}~/q?|;J:,|/'

-- Now initialize ssk.security with it:
ssk.security.loadKeyFromKeyString( keyString )

Getting A Key String

At any time, you can get the current key (cypher) from ssk.security() with this function:

local keyString = ssk.security.getKeyString( )

Complete Security Example

local test = {}

-- Localize security module
local security = ssk.security

function test.run( group, params )
   group = group or display.currentStage
   params = params or {}

   table.dump(security)

   -- Print current key (default key)
   local curKey = security.getKeyString()
   print( "Default Key: ", curKey)

   -- Generate and set a new key
   security.genKey()
   local newKey = security.getKeyString()
   print( "Generated key: ", newKey )

   -- Test encoding and decoding.
   local origString = "This is a random string 1234567890."
   local encodedString = security.encode( origString )
   local decodedString = security.decode( encodedString )

   print( "   Original string: " .. tostring( origString ) )
   print( "    Encoded string: " .. tostring( encodedString ) )
   print( "    Decoded string: " .. tostring( decodedString ) )
   print( "    Strings match?: " .. tostring( origString == decodedString ) )

   -- Save key
   security.saveKey( "key.json" )

   -- Generate a new key
   security.genKey() 

   -- Load saved key   
    security.loadKey( "key.json")


    -- Test saved, generated, reloaded key
   local reDecodedString = security.decode( encodedString )

   print( " Re-Decoded string: " .. tostring( reDecodedString ) )
   print( "    Strings match?: " .. tostring( origString == decodedString ) )
end

return test