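Recently our company's WeChat mini-game 《围住神经猫》 has been wildly popular! The company then decided to develop a whole series of 神经猫 mini-games, so I was pulled onto the project. Later we used cocos2d-x to develop a mini-game, with the client written in Lua script. To secure the interaction between server and client, we decided to encrypt the JSON data transmitted through the API,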


Working with Lua encryption

Recently, working with Corona SDK, I started to need a standard encryption/decryption algorithm in Lua. To start with, it actually has a rather small number of developers compared to Objective-C, which I have been working with, meaning that there are fewer 3rd-party libraries you can rely upon. Luckily, I found one called AESLua, which has some code to start from. From there, my objective is to make a way to securely pass data between my client and server (PHP on the server side). In fact, from what I'd read, my method is not very secure, but it is better than nothing. Just for my reference, here is the list of issues along the way.

Edited: Tested with iPhone 4... Input cipher text of 1280 characters. Takes around 25 seconds. Unacceptable speed for general use.

1) It requires a Lua 5.2 feature which does not seem to be in Corona.

Solution: Download LuaBit v0.4 and integrate it... You will need to make a mapping so that the API calls go to the proper place.

2) Next you need to get a Base64 library -- grab it here. It was initially made to allow passing the output over a URL (using '-' and '_' instead of '+' and '/'), so I changed them to the latter.

3) By default, AESLua uses AES-128, CBC, and some kind of random padding.

Here are the things to do

3.1) In the pwInKey function, comment this line out:

    password = ciphermode.encryptString(pwBytes, password, ciphermode.encryptCBC);

3.2) In the util.padByteString function, change the body to:

    local paddingLength = math.ceil(#data/16)*16 - #data;
    if paddingLength == 0 then paddingLength = 16 end  -- block-aligned input: PKCS7 adds a full block
    local padding = "";
    local paddingValue = string.char(paddingLength)  -- PKCS7 padding: each pad byte holds the pad length
    for i=1,paddingLength do
        padding = padding .. paddingValue;
    end
    return data .. padding;

4) Set up a web server for testing; you will need PHP with the mcrypt module.

5) Create a PHP file for testing... here is the code.

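Now, my plain text below is "1234567890123456ss@#%de".

    <?php
    // mcrypt was removed from PHP core in 7.2; this test needs PHP <= 7.1 or the PECL mcrypt extension
    $data = 'dXzNDNxckOrb7uz2ON0AAJp4BXgkYewblTNWBSAQSEw=';
    $key128 = '1234567890123456';
    // 16 NUL bytes; the escapes need double quotes, single quotes would give literal backslashes
    $iv = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
    // mcrypt_decrypt does not strip the PKCS7 padding, so the output ends with the pad bytes
    echo mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key128, base64_decode($data), MCRYPT_MODE_CBC, $iv);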


That's it. The encryption back to the client machine should be a piece of cake. =)

*** When using these libraries, the user should be aware of the fact that Lua's performance is still far from native code. You may not want to use this algorithm to encrypt a large volume of data.






function public.unpadByteString(data)
    -- the last byte holds the PKCS7 padding length
    local padLength = string.byte(data, #data);
    return string.sub(data, 1, #data - padLength)   -- strip the padding
end
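
The padding change in step 3.2 and the unpadByteString function above, as an added Lua example that is not part of the original post or of AESLua: PKCS7 pad and unpad with the block-aligned case handled and the padding validated before it is stripped. The names BLOCK, pkcs7Pad and pkcs7Unpad are hypothetical, and the test inputs are constructed.

```lua
-- Added example (not AESLua's or the post's code). BLOCK, pkcs7Pad and
-- pkcs7Unpad are hypothetical names chosen for this sketch.
local BLOCK = 16  -- AES block size in bytes

-- Pad to a multiple of BLOCK. Block-aligned input gets a whole extra block,
-- so the last byte of padded data is always a valid pad length (1..16).
local function pkcs7Pad(data)
    local padLength = BLOCK - (#data % BLOCK)
    return data .. string.rep(string.char(padLength), padLength)
end

-- Strip padding, returning nil plus a reason instead of trusting the last byte.
local function pkcs7Unpad(data)
    if #data == 0 or #data % BLOCK ~= 0 then
        return nil, "length is not a positive multiple of the block size"
    end
    local padLength = string.byte(data, #data)
    if padLength < 1 or padLength > BLOCK then
        return nil, "pad length out of range"
    end
    for i = #data - padLength + 1, #data do
        if string.byte(data, i) ~= padLength then
            return nil, "inconsistent pad bytes"
        end
    end
    return string.sub(data, 1, #data - padLength)
end

-- Constructed checks. The first input is the post's 23-byte sample plaintext.
local sample = "1234567890123456ss@#%de"
local padded = pkcs7Pad(sample)
assert(#padded == 32 and string.byte(padded, -1) == 9)
assert(pkcs7Unpad(padded) == sample)

-- Block-aligned input: 16 bytes in, 32 bytes out, round-trips unchanged.
local aligned = "1234567890123456"
assert(#pkcs7Pad(aligned) == 32)
assert(pkcs7Unpad(pkcs7Pad(aligned)) == aligned)

-- Empty input pads to one full block and unpads back to the empty string.
assert(pkcs7Unpad(pkcs7Pad("")) == "")

-- Malformed inputs are rejected rather than silently truncated.
assert(pkcs7Unpad(aligned) == nil)                        -- last byte "6" = 54
assert(pkcs7Unpad(string.rep("A", 15) .. "\0") == nil)    -- pad length 0
assert(pkcs7Unpad(string.rep("A", 14) .. "\1\2") == nil)  -- mismatched bytes
assert(pkcs7Unpad("short") == nil)                        -- not block-aligned
print("all PKCS7 checks passed")
```

When the unpad runs on data received from the network, return one generic error to the peer for every failure and keep the specific reason in local logs only. Unauthenticated CBC with distinguishable padding errors is open to padding-oracle attacks, so verify a MAC over the ciphertext before decrypting.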

