0

I want to write the username,password and other stats of a player in a file, so that the user is unable to open it and check its content.

Is there a way how I can make the file un-openable to the user but allow the program to read it?

Thank you in advance.

alex
  • 5,516
  • 2
  • 36
  • 60
Richard Quasla
  • 27
  • 4

4 Answers4

0

You cannot make un-openable by external programs in your os as this in up to java but you have other choices:

  • You can encrypt your file to prevent someone to make sense out of it.
  • You can store it in a structure that only you could know and potentially make difficult for other to read it. For e.g. serializing it and storing it to a user-defined structure.

There may be other ideas also.

Eypros
  • 5,370
  • 6
  • 42
  • 75
0

In Java file permissions are very OS specific: *nix , NTFS (windows) and FAT/FAT32, all have different kind of file permissions. Java comes with some generic file permission to deal with it.

You can use setReadable, setWritable and setExecutable from java.io.File to set file permissions. However these methods are not always supported by the underlying filesystem.

In *nix system, you may need to configure more specifies about file permission( e.g: set a 777 permission for a file or directory), however, Java IO classes do not have ready method for it, but you can use the following dirty workaround:

Runtime.getRuntime().exec("chmod 777 file");

However, you should consider to encipher the content of your file, or use hash (e.g: md5 or sha1) and store the fingerprint instead of the plain string:

/* store the fingerprint, not the plain string */
store = SHA1(password);// "hello world" -> "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed"

/* check the password */
if (SHA1(password).equals(store))
    // ok
else
    // ko
Giulio Biagini
  • 935
  • 5
  • 8
0

You can encrypt/decrypt its content with a hardcoded key, but thats more an obfuscation than real security. It only matters how much effort the "user" is willing to put into getting the data with extracting the hardcoded key and decrypt.

For AES encryption you can use the following code in Java:

// generate a SHA-1 hash from your key to get 128 bit key
byte[] key = (SALT2 + "yoursecret key").getBytes("UTF-8");
MessageDigest sha = MessageDigest.getInstance("SHA-1");
key = sha.digest(key);
key = Arrays.copyOf(key, 16); // use only first 128 bit

String key = new String(org.apache.commons.codec.binary.Hex.encodeHex(raw));
byte[] keyByteArray = org.apache.commons.codec.binary.Hex.decodeHex(key.toCharArray());
SecretKeySpec skeySpec = new SecretKeySpec(keyByteArray, "AES");

Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
byte[] encrypted = cipher.doFinal("Username / Password or some secret text".getBytes());
String encryptedMessage = new String(org.apache.commons.codec.binary.Hex.encodeHex(encrypted));
System.out.printf("The encrypted message: %s\n", encryptedMessage);

The decryption is straight forward similar. Also you can look here for a more easier encryption.

Resources:
[1] (https://blog.rasc.ch/?p=285)
[2] (Java AES and using my own Key)

Community
  • 1
  • 1
alex
  • 5,516
  • 2
  • 36
  • 60
0

You can encrypt it with your own slightly modified unique algorithm

  • pick a resource efficient algorithm

  • slightly modify some of its steps just with your own to make it hard to crack

  • Modifying a cipher just to make it more unique is bad practice. Kerkhoff's principle should be followed which states that everything about a cipher should be public except the key. Besides, modifying a cipher may introduce unforseen weaknesses. – Artjom B. Jan 14 '15 at 14:46