Encryption and Playerprefs (RSA)

So I wrote a little handy script which takes in values from players in a encrypted form, and returns a value. Also, it encrypts save data back into the file using a specific key. The script works perfectly in the editor. However, for some reason, when it is used on the android build, it throws these two errors:

  • FormatException: Input string was not in the correct format.
  • UnauthorizedAccessException: Access to the path “/.config” is denied.

There are no line numbers,sources or anything.

I saw another person had the same problem as me. He added a few extra workspace declarations and it fixed the issue for him. However, it did not work for me.

I am pretty new to crypto so am I making a silly mistake somewhere?

If anyone has any idea, help is greatly appreciated!

Crypt Class:

using System.Collections;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Security.Cryptography;
using System.Collections.ObjectModel;
using System.Security;

using System;
public class Crypt : MonoBehaviour {
    private string key = "key";
    private string val;

    // Use this for initialization

    void Start(){


    //prepares string for encryption.
    public void toByte (string str, string prefval){
        byte[] valBytes = System.Text.Encoding.UTF8.GetBytes (str);
        if (true && (!prefval.Equals(""))){
            this.Encrypt(valBytes, prefval);

    //Gets saved string ready for decryption.
    public string toArray(string prefval){
        string temp = PlayerPrefs.GetString (prefval);
        string[] test = temp.Split (';');
        byte[] bytes = new byte[test.Length];

        for (int i = 0; i < test.Length; i++) {
            bytes _= Byte.Parse(test*);*_

return this.Decrypt (bytes);

private void Encrypt (byte[] vb, string prefval) {
CspParameters cspParams = new CspParameters();
cspParams.KeyContainerName = key;
var provider = new RSACryptoServiceProvider(cspParams);

byte[]encryptedBytes = provider.Encrypt(
vb, true);
bool first = true;
val = “”;
foreach (byte encryptedByte in encryptedBytes)
val += encryptedByte;
first = false;
} else {
val += “;” + encryptedByte;
PlayerPrefs.SetString (prefval, val);
Debug.Log (PlayerPrefs.GetString(prefval));


public string Decrypt(byte[] ba){
CspParameters cspParams = new CspParameters();
cspParams.KeyContainerName = key;
var provider = new RSACryptoServiceProvider(cspParams);
string decrypted = System.Text.Encoding.UTF8.GetString(
provider.Decrypt(ba, true));
return decrypted;
How it is being called:
int sval = int.Parse (c.toArray (“player_high_score”));

if (score >= sval) {
c.toByte (score.ToString(), “player_high_score”);

text.text = score + " : " + sval;
Thank you for the help in advance!

Well, it’s pointless to use such a strong encryption since the key is stored in the code, Everyone that actually manages to get access to the playerpref value can easily lookup your key in the code. You can’t get any clientside safety against people who actually know what they’re doing. Normal users don’t have access to the playerprefs. Also they are stored in a binary format so it’s already “hard” to read for “normal” people.

Simply using Random with a constant “secret” seed and xor / shift / add to each byte will be as safe as using RSA but doesn’t require a bloated security and crypto library.

On topic: Well you most likely have to include the correct assemblies into your project if you haven’t yet.

The FormatException comes either from your int.Parse or Byte.Parse line. You don’t really check if the playerpref actually exist so an empty string can’t be split and can’t be parsed into a number.

It’s also a quite inefficient way to convert a byte array into a string. It creates a lot of garbage. A StringBuilder would help a bit. Furthermore the val.Trim(); line is pointless. The Trim function returns the trimmed string. A string behaves like an immutable type. You can’t call a function on a string and directly change that string. You always have to create a new string.

val = val.Trim();

That would be correct, however not really necessary since you don’t add any whitespace which could be trimmed.

Like @saschandroid said converting to base64 is much easier and the resulting string is even shorter.