Store Page
Godot Engine
All Discussions Screenshots Artwork Broadcasts Videos News Guides Reviews

Godot Engine

Store Page
Godot Engine > General Discussions > Topic Details
JL37 Apr 23, 2020 @ 4:03am
How do I use save_encrypted? (Config files)
I was reading up on the documentation on config files when I stumbled upon this function. Can someone give me an example on how to use it? What is an packedbytearray exactly?
The author of this topic has marked a post as the answer to their question.
Click here to jump to that post.
Originally posted by ]"]:
save() and save_encrypted()

https://docs.godotengine.org/en/stable/classes/class_configfile.html

There is an example there of using save():

config.save("user://settings.cfg")

This saves a file in INI-style, which is human readable. Anyone can open the file in a text editor and edit it. It's very common, I'm sure you have played some games where you can edit the ini file to change some settings.

save_encrypted() is the same, except the file is encrypted so if you open it in a text editor without decrypting it will look like gibberish. You can use this to "protect" your game settings, savegames or whatever from being edited outside the game.

You need to give it a key to encrypt/decrypt with. This key is of a type PoolByteArray (not packedbytearray).


PoolByteArray

https://docs.godotengine.org/en/stable/classes/class_poolbytearray.html

PoolByteArray is just a special array optimised for storing bytes. In other words it's an array of 1-byte numbers (0 to 255) instead of any mix of data types like a normal array.

var normal_array = ["This is a string", 2, false, 5.93] var pool_byte_array = PoolByteArray([0, 255, 123])

Instead of manually constructing a PoolByteArray like this, number by number, you can use a string (like a password/passphrase, a unique ID for the character/player, or any other info) and hash it using one of the cryptographic functions. For example str.sha256_buffer() will return the SHA-256 hash of your string as a PoolByteArray. You can find other examples on the string class docs[docs.godotengine.org] or other classes.

var my_password = "hunter2" var my_key = my_password.sha256_buffer() config.save_encrypted("user://settings.cfg", my_key)

You can see what the key looks like by converting it back to a string of hex numbers. These 2 should be identical:

print(my_password.sha256_text()) print(my_key.hex_encode()) # f52fbd32b2b3b86ff88ef6c490628285f482af15ddcb29541f94bcf526a3f6c7

Now the settings.cfg file can't be easily edited by the user unless they know the key (or the password and the function used to hash it), and use it to decrypt the file.
< >
Showing 1-3 of 3 comments
The author of this thread has indicated that this post answers the original topic.
]"] Apr 24, 2020 @ 11:25pm 
save() and save_encrypted()

https://docs.godotengine.org/en/stable/classes/class_configfile.html

There is an example there of using save():

config.save("user://settings.cfg")

This saves a file in INI-style, which is human readable. Anyone can open the file in a text editor and edit it. It's very common, I'm sure you have played some games where you can edit the ini file to change some settings.

save_encrypted() is the same, except the file is encrypted so if you open it in a text editor without decrypting it will look like gibberish. You can use this to "protect" your game settings, savegames or whatever from being edited outside the game.

You need to give it a key to encrypt/decrypt with. This key is of a type PoolByteArray (not packedbytearray).


PoolByteArray

https://docs.godotengine.org/en/stable/classes/class_poolbytearray.html

PoolByteArray is just a special array optimised for storing bytes. In other words it's an array of 1-byte numbers (0 to 255) instead of any mix of data types like a normal array.

var normal_array = ["This is a string", 2, false, 5.93] var pool_byte_array = PoolByteArray([0, 255, 123])

Instead of manually constructing a PoolByteArray like this, number by number, you can use a string (like a password/passphrase, a unique ID for the character/player, or any other info) and hash it using one of the cryptographic functions. For example str.sha256_buffer() will return the SHA-256 hash of your string as a PoolByteArray. You can find other examples on the string class docs[docs.godotengine.org] or other classes.

var my_password = "hunter2" var my_key = my_password.sha256_buffer() config.save_encrypted("user://settings.cfg", my_key)

You can see what the key looks like by converting it back to a string of hex numbers. These 2 should be identical:

print(my_password.sha256_text()) print(my_key.hex_encode()) # f52fbd32b2b3b86ff88ef6c490628285f482af15ddcb29541f94bcf526a3f6c7

Now the settings.cfg file can't be easily edited by the user unless they know the key (or the password and the function used to hash it), and use it to decrypt the file.
Last edited by ]"]; Apr 25, 2020 @ 12:24am
#1
JL37 Apr 25, 2020 @ 1:29am 
Oooooh I see, thank you!
#2
]"] Apr 25, 2020 @ 7:43pm 
Np. Btw this is not truly secure as the key is still in the game. So don't use it to store sensitive information or rely on it alone to prevent cheating (for multiplayer or games with leaderboards). For singleplayer I think it's more fun to just let the user edit files if they want to.
#3
< >
Showing 1-3 of 3 comments
Per page: 1530 50

Godot Engine > General Discussions > Topic Details
Date Posted: Apr 23, 2020 @ 4:03am
Posts: 3

Discussions Rules and Guidelines