Hi Folks.
I am relatively new to Unity and C#, so apologies for this in advance.
With a project I am working on, the stored data will be key and I would not want anyone to tamper with it. However, having read other posts on this topic, I am somewhat confused as to what the real answer is for Unity & C#. Also, I have seen people saying that Unity projects are easy to reverse engineer, thus making encryption keys within code insecure?
So. What is the correct way to store data and secure it using Unity/C#? Is there a way?
Thanks in advance.
The only way to keep data secure is never to give it to the user. All .NET (and, by implication, Mono)-based applications are easy to reverse-engineer. If it really matters to you, you need to store that data and do all calculations and verification of it server-side only.
If you want to go down the encryption path, which will be stored locally, I’ll give you the points I started with to build my basic encryption stage.
You can be reasonably happy with encrypting Unity data - unless you’re dealing with actually-personal private data, and in that case, you’ve got a long road at this point…
http://crypto.stackexchange.com/questions/20941/why-shouldnt-i-use-ecb-encryption
The most secure way is the binary format.
If this is your first project, you’d better try to learn the basics, so don’t try to do something too hard.
I’m also using a binary file for my project. The advantage is you can use it on all platforms except on Web.
It is pretty easy to use the binary format. And this way is used for saving data locally.
Don’t forget to add Serializable to your class,
and the values are static so you can use them and modify them in every scene.
And most important is to use persistentDataPath, because this is the path where the data is stored and it will not be erased after an update, so the player will not lose data.
This is the way I save my data:
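    using System;
    using System.IO;
    using System.Runtime.Serialization.Formatters.Binary;
    using UnityEngine;

    // The post does not show the enclosing class; GameData is a placeholder name.
    public class GameData : MonoBehaviour
    {
        // Static so every scene reads and modifies the same values.
        public static int skin;
        public static int highScore;
        public static int playerMoney;

        // Copy the static values into a PlayerProgress object and write it to disk.
        public static void Save()
        {
            BinaryFormatter bf = new BinaryFormatter();
            FileStream file = File.Create(Application.persistentDataPath + "/PlayerProgress.dat");
            PlayerProgress data = new PlayerProgress();
            data.money = playerMoney;
            data.skin = skin;
            data.score = highScore;
            bf.Serialize(file, data);
            file.Close();
        }

        // Read the save file if it exists; otherwise start from default values.
        public static void Load()
        {
            if (File.Exists(Application.persistentDataPath + "/PlayerProgress.dat"))
            {
                BinaryFormatter bf = new BinaryFormatter();
                FileStream file = File.Open(Application.persistentDataPath + "/PlayerProgress.dat", FileMode.Open);
                PlayerProgress data = (PlayerProgress)bf.Deserialize(file);
                file.Close();
                skin = data.skin;
                playerMoney = data.money;
                highScore = data.score;
            }
            else
            {
                skin = 0;
                playerMoney = 0;
                highScore = 0;
            }
        }

        // Unity calls this when the component is disabled, so progress is saved automatically.
        void OnDisable()
        {
            Save();
        }
    }

    // Plain data container written to and read from PlayerProgress.dat.
    [Serializable]
    class PlayerProgress
    {
        public int money;
        public int skin;
        public int score;
    }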
And sorry for my English.
Good luck!
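An added example, not part of any post in this thread: the question is about tamper resistance for a local save, and an HMAC tag over the saved text is the standard way to detect edits made on disk. The `SaveSeal` class, the file layout, the key and the sample payload are all assumptions made for illustration; as the first reply says, a key shipped inside the client can be recovered from the build, so this stops casual file editing only and does not replace server-side verification.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the thread). SaveSeal and its file layout are hypothetical.
static class SaveSeal
{
    // File layout: base64(HMAC-SHA256(key, payload)) + '\n' + payload
    public static string Seal(string payload, byte[] key)
    {
        using (var hmac = new HMACSHA256(key))
        {
            byte[] tag = hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
            return Convert.ToBase64String(tag) + "\n" + payload;
        }
    }

    // Returns false for a missing, malformed or mismatching tag; payload is set only on success.
    public static bool TryOpen(string fileText, byte[] key, out string payload)
    {
        payload = null;
        int split = fileText == null ? -1 : fileText.IndexOf('\n');
        if (split < 0) return false;
        byte[] stored;
        try { stored = Convert.FromBase64String(fileText.Substring(0, split)); }
        catch (FormatException) { return false; }
        string body = fileText.Substring(split + 1);
        using (var hmac = new HMACSHA256(key))
        {
            byte[] expected = hmac.ComputeHash(Encoding.UTF8.GetBytes(body));
            // Constant-time compare; also false when the lengths differ.
            if (!CryptographicOperations.FixedTimeEquals(stored, expected)) return false;
        }
        payload = body;
        return true;
    }

    static void Main()
    {
        // Constructed key and payload: a key embedded in the client is not a secret.
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-not-a-secret");
        string sealedText = Seal("{\"money\":120,\"skin\":2,\"score\":9001}", key);
        string edited = sealedText.Replace("\"money\":120", "\"money\":999999");

        Console.WriteLine(TryOpen(sealedText, key, out _));        // untouched file
        Console.WriteLine(TryOpen(edited, key, out _));            // payload edited on disk
        Console.WriteLine(TryOpen("not a save file", key, out _)); // no tag line
    }
}
```

Because the tag is checked before the payload is parsed, a rejected file never reaches the deserializer. `CryptographicOperations.FixedTimeEquals` requires a .NET Standard 2.1 or later API profile.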