0 votes

The Crypto object provides access to keys; however there is no way to use them to encrypt/decrypt arbitrary content, such as a message body independent of the transport protocol.

I want to encrypt/decrypt my payloads so that the TLS transport handshake is not necessary.

Is a plugin necessary?

If I use a plugin, how then does it get distributed with the final game? For example, a Python plugin. Doesn't the plugin need to run on the target system? Which means phones are a potential problem?

in Engine by (24 points)

How strong does the encryption have to be?

Strong enough to deter all but the most determined attacker.

In my architecture, each player (ostensibly on phone) connects to a central matchmaker server, which then relays gameplay packets to each player, eliminating the NAT problem. However, that also means a malicious actor could play man-in-the-middle if that actor can read the gameplay packets.

I am also thinking about using an auth token.

But how important is the data? How valuable is the transferred data?

If money or sensitive data is submitted, you definitely need a strong AES encryption library.
But if only data of minor relevance (players' position, score, etc.) is submitted, I would suggest a simpler approach would do it.

Have a look here:
This does de/encryption with public/private keys and supports signing.

This seems to be reasonably safe for non-sensitive data. RSA is vulnerable to attacks, but with a correct implementation it isn't simple to break.

The JavaScript implementation could be converted to gd with some effort.

The data is not that sensitive. I think I've got a good-enough solution using GD in the works (a combination of time, random number, base64 and a secret procedure).

The idea of calling out to some other external utility (Auth0 for example) to get an encrypted token for auth is intriguing; I had not thought of that.
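
An added example, not code from this thread or from any of its posters: payload-level encryption with integrity and replay checks for packets that pass through a relay, independent of the transport. It assumes a Godot 4 build where `AESContext`, `Crypto.hmac_digest` and `Crypto.constant_time_compare` are available, and that both ends already share two 32-byte session keys (`enc_key`, `mac_key`); the packet layout, `MAX_AGE_SEC` and the function names are made up for illustration.

```gdscript
# Added example, not from the thread. Assumes Godot 4 and two 32-byte
# session keys (enc_key, mac_key) that both ends already share.
extends RefCounted

const MAX_AGE_SEC := 30  # assumed freshness window
var _crypto := Crypto.new()
var _seen := {}  # hex IVs already accepted; prune old entries in real use

# Packet: 8-byte timestamp | 16-byte IV | AES-CBC ciphertext | 32-byte HMAC
func seal(plain: PackedByteArray, enc_key: PackedByteArray, mac_key: PackedByteArray) -> PackedByteArray:
	var head := PackedByteArray()
	head.resize(8)
	head.encode_s64(0, int(Time.get_unix_time_from_system()))
	var iv := _crypto.generate_random_bytes(16)
	# PKCS#7 padding: AESContext only accepts multiples of 16 bytes.
	var pad := 16 - plain.size() % 16
	var padded := plain.duplicate()
	for i in pad:
		padded.append(pad)
	var aes := AESContext.new()
	aes.start(AESContext.MODE_CBC_ENCRYPT, enc_key, iv)
	var body := head + iv + aes.update(padded)
	aes.finish()
	# Encrypt-then-MAC: the tag covers timestamp, IV and ciphertext.
	return body + _crypto.hmac_digest(HashingContext.HASH_SHA256, mac_key, body)

# Returns the plaintext, or an empty array when the packet is rejected.
func open(packet: PackedByteArray, enc_key: PackedByteArray, mac_key: PackedByteArray) -> PackedByteArray:
	var n := packet.size()
	if n < 72 or (n - 56) % 16 != 0:
		return PackedByteArray()
	var body := packet.slice(0, n - 32)
	var expected := _crypto.hmac_digest(HashingContext.HASH_SHA256, mac_key, body)
	# Check the tag in constant time before touching the ciphertext.
	if not _crypto.constant_time_compare(expected, packet.slice(n - 32)):
		return PackedByteArray()
	var age := int(Time.get_unix_time_from_system()) - body.decode_s64(0)
	var iv := body.slice(8, 24)
	if absi(age) > MAX_AGE_SEC or _seen.has(iv.hex_encode()):
		return PackedByteArray()  # stale or replayed packet
	_seen[iv.hex_encode()] = true
	var aes := AESContext.new()
	aes.start(AESContext.MODE_CBC_DECRYPT, enc_key, iv)
	var padded := aes.update(body.slice(24))
	aes.finish()
	var pad: int = padded[padded.size() - 1]
	if pad < 1 or pad > 16:
		return PackedByteArray()
	return padded.slice(0, padded.size() - pad)
```

Because an empty array doubles as the rejection value, callers that need to send empty payloads should return a status alongside the data instead.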

