tags:

views:

202

answers:

1
Q: 

How to generate key code containing encrypted data?

Situation:

I want to provide a website service where users can enter some data e.g. 15 bytes long name "namedata" and get a key code. That code can then be used to unlock some feature in a game (provided by me), also utilizing the namedata (think of a custom Lazgun named "Lazgun of Peter", where "Peter" is the namedata).

My plan is to encrypt the namedata along with some short signature (e.g. 5 Bytes "hello") with asymmetric encrytion (using the private key) into the key code (something like AsdF-STaCK-0VEr-FL0W-13Abbx).

The user then enters the key code in the game and the game then decodes the data with a public key into the namedata and the signature and voila the user gets its "Lazgun of Peter".

Problem:

The problem (or my misunderstanding?) is that the typical RSA encryption can only be used to encrypt data of the length of the key, e.g. 1024 bit, which would be too long for my key code - no user wants to enter codes with 150+ characters (assuming about 6 bit data per entered character).

Question:

What kind of encryption should I use to get decent security, so that only my website service can generate "correct" codes, but the user only has to enter codes about the size of the namedata + signature + some small overhead?

Note: The game executable is obviously publically available and any encryption key stored in it could be read from it, but the executable itself cannot be altered (copy protection).

A: 

I think it is the wrong idea to store all item data inside the actual key code.

It makes more sense to create a unique download code. When entered, the client will connect to a server, and download the actual item data through a secure connection.

Does this make any sense?

kotlinski  2009-05-30 10:40:11
Yes that should work, but that would mean a lot more effort for infrastructure - the client (game) would need to communicate with some server. Unfortunately I have to keep the budget small and also im not responsible for the website part.
 2009-05-30 11:23:10
OK, but if it's low-budget, RSA seems really overkill. Maybe you can just use some simple cipher like Vigenère? http://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher
kotlinski  2009-05-30 11:37:45
...and pray that the game doesn't get popular :)
kotlinski  2009-05-30 11:39:18
Id rather pray it gets very popular and I redo that system. ;)But thinking about Your answer already helped, I think I just need to change the way that key code is delivered: Rather than letting the user type in some key I give him some file via mail (or maybe let him paste a very long code), so the length of the key code is no longer an issue.Thnx!
 2009-05-30 11:50:52

related questions

How to implement password protection for individual files?
Encrypting appSettings in web.config
Usefulness of SQL Server "with encryption" statement
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
CodeReview: Tiny Encryption Algorithm for arbitrary sized data
Simple encryption implementation in C
Which hard disk encryption software to choose?
Passing untampered data from Flash app to server?
How do I prevent replay attacks?
Is there a best .NET algorithm for credit card encryption?
Encrypt data from users in web applications
How to encrypt one message for multiple recipients?
Two-way password encryption without ssl
What's the answer to this Microsoft PDC challenge?
GPG: How does key signing work and how is it done?
Secure Online Highscore Lists for Non-Web Games
Programmatically encrypting a config-file in .NET
How do I use 3des encryption/decryption in Java?
Encryption in C# Web-Services
Suitable alternative to CryptEncrypt
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
C# - CryptographicException: Padding is invalid and cannot be removed
How can I encode xml files to xfdl (base64-gzip)?
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Encrypting Passwords