Attention: Here be dragons
This is the latest (unstable) version of this documentation, which may document features not available in or compatible with released stable versions of Godot.
Crypto
Inherits: RefCounted < Object
Provides access to advanced cryptographic functionalities.
Description
The Crypto class provides access to advanced cryptographic functionalities.
Currently, this includes asymmetric key encryption/decryption, signing/verification, and generating cryptographically secure random bytes, RSA keys, HMAC digests, and self-signed X509Certificates.
```gdscript
var crypto = Crypto.new()

# Generate new RSA key.
var key = crypto.generate_rsa(4096)

# Generate new self-signed certificate with the given key.
var cert = crypto.generate_self_signed_certificate(key, "CN=mydomain.com,O=My Game Company,C=IT")

# Save key and certificate in the user folder.
key.save("user://generated.key")
cert.save("user://generated.crt")

# Encryption
var data = "Some data"
var encrypted = crypto.encrypt(key, data.to_utf8_buffer())

# Decryption
var decrypted = crypto.decrypt(key, encrypted)

# Signing
var signature = crypto.sign(HashingContext.HASH_SHA256, data.sha256_buffer(), key)

# Verifying
var verified = crypto.verify(HashingContext.HASH_SHA256, data.sha256_buffer(), signature, key)

# Checks
assert(verified)
assert(data.to_utf8_buffer() == decrypted)
```
```csharp
using Godot;
using System.Diagnostics;
using System.Linq;

Crypto crypto = new Crypto();

// Generate new RSA key.
CryptoKey key = crypto.GenerateRsa(4096);

// Generate new self-signed certificate with the given key.
X509Certificate cert = crypto.GenerateSelfSignedCertificate(key, "CN=mydomain.com,O=My Game Company,C=IT");

// Save key and certificate in the user folder.
key.Save("user://generated.key");
cert.Save("user://generated.crt");

// Encryption
string data = "Some data";
byte[] encrypted = crypto.Encrypt(key, data.ToUtf8Buffer());

// Decryption
byte[] decrypted = crypto.Decrypt(key, encrypted);

// Signing
byte[] signature = crypto.Sign(HashingContext.HashType.Sha256, data.Sha256Buffer(), key);

// Verifying
bool verified = crypto.Verify(HashingContext.HashType.Sha256, data.Sha256Buffer(), signature, key);

// Checks
Debug.Assert(verified);
// Compare contents; == on byte[] only compares references.
Debug.Assert(data.ToUtf8Buffer().SequenceEqual(decrypted));
```
Methods
bool constant_time_compare(trusted: PackedByteArray, received: PackedByteArray)
PackedByteArray decrypt(key: CryptoKey, ciphertext: PackedByteArray)
PackedByteArray encrypt(key: CryptoKey, plaintext: PackedByteArray)
PackedByteArray generate_random_bytes(size: int)
CryptoKey generate_rsa(size: int)
X509Certificate generate_self_signed_certificate(key: CryptoKey, issuer_name: String = "CN=myserver,O=myorganisation,C=IT", not_before: String = "20140101000000", not_after: String = "20340101000000")
PackedByteArray hmac_digest(hash_type: HashType, key: PackedByteArray, msg: PackedByteArray)
PackedByteArray sign(hash_type: HashType, hash: PackedByteArray, key: CryptoKey)
bool verify(hash_type: HashType, hash: PackedByteArray, signature: PackedByteArray, key: CryptoKey)
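Method Descriptions
bool constant_time_compare(trusted: PackedByteArray, received: PackedByteArray)
Compares two PackedByteArrays for equality without leaking timing information, in order to prevent timing attacks.
See this blog post for more information.
PackedByteArray decrypt(key: CryptoKey, ciphertext: PackedByteArray)
Decrypts the given ciphertext with the provided private key.
Note: The maximum size of accepted ciphertext is limited by the key size.
PackedByteArray encrypt(key: CryptoKey, plaintext: PackedByteArray)
Encrypts the given plaintext with the provided public key.
Note: The maximum size of accepted plaintext is limited by the key size.
PackedByteArray generate_random_bytes(size: int)
Generates a PackedByteArray of cryptographically secure random bytes with the given size.
CryptoKey generate_rsa(size: int)
Generates an RSA CryptoKey that can be used for creating self-signed certificates and passed to StreamPeerTLS.accept_stream().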
X509Certificate generate_self_signed_certificate(key: CryptoKey, issuer_name: String = "CN=myserver,O=myorganisation,C=IT", not_before: String = "20140101000000", not_after: String = "20340101000000")
Generates a self-signed X509Certificate from the given CryptoKey and issuer_name. The certificate validity will be defined by not_before and not_after (first valid date and last valid date). The issuer_name must contain at least "CN=" (common name, i.e. the domain name), "O=" (organization, i.e. your company name), "C=" (country, i.e. 2 lettered ISO-3166 code of the country the organization is based in).
A small example to generate an RSA key and an X509 self-signed certificate.
```gdscript
var crypto = Crypto.new()
# Generate 4096 bits RSA key.
var key = crypto.generate_rsa(4096)
# Generate self-signed certificate using the given key.
var cert = crypto.generate_self_signed_certificate(key, "CN=example.com,O=A Game Company,C=IT")
```

```csharp
var crypto = new Crypto();
// Generate 4096 bits RSA key.
CryptoKey key = crypto.GenerateRsa(4096);
// Generate self-signed certificate using the given key.
X509Certificate cert = crypto.GenerateSelfSignedCertificate(key, "CN=mydomain.com,O=My Game Company,C=IT");
```
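PackedByteArray hmac_digest(hash_type: HashType, key: PackedByteArray, msg: PackedByteArray)
Generates an HMAC digest of msg using key. The hash_type parameter is the hashing algorithm that is used for the inner and outer hashes.
Currently, only HashingContext.HASH_SHA256 and HashingContext.HASH_SHA1 are supported.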
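The following added example (not part of the Godot documentation) combines hmac_digest(), constant_time_compare() and generate_random_bytes() to authenticate a message with a shared secret. The function names seal() and unseal(), the payload-then-tag packet layout and the sample payload are assumptions made for illustration.

```gdscript
extends Node

# Added example, not from the Godot documentation.
# Packet layout (an assumption of this example): payload bytes, then a 32-byte tag.
const TAG_SIZE := 32  # HMAC-SHA256 digest length in bytes.

var _crypto := Crypto.new()


# Returns payload + HMAC-SHA256(secret, payload).
func seal(secret: PackedByteArray, payload: PackedByteArray) -> PackedByteArray:
	var tag := _crypto.hmac_digest(HashingContext.HASH_SHA256, secret, payload)
	return payload + tag


# Returns {"ok": bool, "payload": PackedByteArray}. The payload is only
# populated when the tag matches.
func unseal(secret: PackedByteArray, packet: PackedByteArray) -> Dictionary:
	var result := {"ok": false, "payload": PackedByteArray()}
	if packet.size() < TAG_SIZE:
		return result  # Too short to contain a tag at all.
	var payload_len := packet.size() - TAG_SIZE
	var payload := packet.slice(0, payload_len)
	var received_tag := packet.slice(payload_len)
	# Recompute the tag locally; this is the trusted value.
	var expected_tag := _crypto.hmac_digest(HashingContext.HASH_SHA256, secret, payload)
	# A plain == comparison is not guaranteed to run in constant time.
	if _crypto.constant_time_compare(expected_tag, received_tag):
		result["ok"] = true
		result["payload"] = payload
	return result


func _ready() -> void:
	# Constructed sample data.
	var secret := _crypto.generate_random_bytes(32)
	var packet := seal(secret, "score=1200".to_utf8_buffer())
	assert(unseal(secret, packet)["ok"])

	# Flip one bit of the payload: the tag no longer matches.
	var tampered := packet.duplicate()
	tampered[0] = tampered[0] ^ 1
	assert(not unseal(secret, tampered)["ok"])

	# A truncated packet is rejected before any comparison.
	assert(not unseal(secret, packet.slice(0, TAG_SIZE - 1))["ok"])
```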
PackedByteArray sign(hash_type: HashType, hash: PackedByteArray, key: CryptoKey)
Signs a given hash of type hash_type with the provided private key.
bool verify(hash_type: HashType, hash: PackedByteArray, signature: PackedByteArray, key: CryptoKey)
Verifies the given signature for a hash of type hash_type against the provided public key.