Bolt Connection Encryption System

Security is one of the main objectives when developing with Photon Bolt. For this reason, Bolt has a built-in native encryption system that ensures each packet is encrypted and decrypted, making it even harder for third parties to modify. It is available starting with Photon Bolt v1.2.13.

One key point to keep in mind about this implementation is that Bolt does not perform the exchange of secrets (keys); it supplies all the necessary means to create and extract such keys, which are later used to encrypt the data. In summary, to use this system properly, you need to implement your own secure exchange service.

Basic Setup

Setting up the Encryption System is as easy as setting all the necessary keys. Photon Bolt will use those keys to encrypt and decrypt all packets without any other intervention. The code sample below shows how to set up and reset the encryption system:

using System;
using UdpKit.Security;
using UnityEngine;

namespace Bolt.Samples.Encryption
{
    /// <summary>
    /// Example class to fill the Encryption Keys
    /// </summary>
    public class EncryptionSystemSample
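    {
        // Base64-encoded copies of the generated keys, kept so they can be handed
        // to your own secure exchange service (Bolt does not exchange them for you)
        public static string EncodedIV { get; private set; }
        public static string EncodedKey { get; private set; }
        public static string EncodedSecret { get; private set; }

        /// <summary>
        /// Setup the Encryption System
        /// </summary>
        public static void InitEncryption()
        {
            // The Encryption System includes some Utility methods to generate all necessary Keys
            var IV = EncryptionManager.GenerateAesIV();
            var key = EncryptionManager.GenerateAesKey();
            var secret = EncryptionManager.GenerateHashSecret();

            EncodedIV = Convert.ToBase64String(IV);
            EncodedKey = Convert.ToBase64String(key);
            EncodedSecret = Convert.ToBase64String(secret);

            // Initialize the system by passing the encoded keys as arguments
            EncryptionManager.Instance.InitializeEncryption(EncodedIV, EncodedKey, EncodedSecret);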
        }

        /// <summary>
        /// Reset the Encryption System
        /// </summary>
        public static void ResetEncryption()
        {
            // Reset all configurations on the Encryption System if you want to disable it
            EncryptionManager.Instance.DeinitializeEncryption();
        }
    }
}

We've also included a small sample showing how you can interact with the EncryptionManager class, the central class to setup the Encryption System. You can check the basic usage inside the SetupEncryptionSystem folder on the samples package included in the SDK or directly on our Samples Repo.


Encryption System Description

The packet encryption system achieves its behavior by applying the following well-known algorithms with the specified settings:

  • Advanced Encryption Standard (AES) (doc page):
    • Key Size: 256 bits;
    • Mode: CipherMode.CBC (doc page).
  • Message Authentication Code (HMAC) (doc page).

The Data Encryption Process can be described with the following steps:

  1. Encrypt Data:
    1. The packet is prefixed with a unique sequential ID;
    2. A hash based on the packet content is generated and appended to the data buffer;
    3. The whole buffer is encrypted using the above algorithms.
  2. Decrypt Data:
    1. The received data buffer is decrypted;
    2. The hash code is validated; if it does not match, the packet is discarded;
    3. The received ID is checked against the last valid packet; if it is older, the packet is discarded.
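
The steps above can be followed with the standard .NET cryptography classes. This is an added example, not Bolt's internal code: the class name PacketCipherSketch, the 4-byte ID width, HMAC-SHA256 as the hash, the default PKCS7 padding and the rejection of repeated IDs are all assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

// Added sketch of the documented steps; not Bolt's internal implementation.
public class PacketCipherSketch
{
    const int IdSize = 4, MacSize = 32; // assumed: 4-byte ID, HMAC-SHA256 hash
    readonly byte[] iv, key, secret;
    uint sendId, lastValidId;
    public PacketCipherSketch(byte[] iv, byte[] key, byte[] secret)
    { this.iv = iv; this.key = key; this.secret = secret; }
    Aes NewAes() // AES-256-CBC when key is 32 bytes and iv is 16 bytes
    { var a = Aes.Create(); a.Mode = CipherMode.CBC; a.Key = key; a.IV = iv; return a; }

    public byte[] Encrypt(byte[] payload)
    {
        // 1.1 prefix the sequential ID, 1.2 append the hash, 1.3 encrypt everything
        byte[] body = BitConverter.GetBytes(++sendId).Concat(payload).ToArray();
        using (var hmac = new HMACSHA256(secret))
            body = body.Concat(hmac.ComputeHash(body)).ToArray();
        using (var aes = NewAes())
        using (var enc = aes.CreateEncryptor())
            return enc.TransformFinalBlock(body, 0, body.Length);
    }

    // Returns the payload, or null when the packet must be discarded.
    public byte[] Decrypt(byte[] packet)
    {
        byte[] body;
        try
        {
            using (var aes = NewAes())
            using (var dec = aes.CreateDecryptor())
                body = dec.TransformFinalBlock(packet, 0, packet.Length); // 2.1
        }
        catch (CryptographicException) { return null; } // malformed ciphertext
        int n = body.Length - MacSize, diff = 0;
        if (n < IdSize) return null; // too short to hold ID + hash
        using (var hmac = new HMACSHA256(secret))
        {
            byte[] mac = hmac.ComputeHash(body, 0, n);
            for (int i = 0; i < MacSize; i++) diff |= mac[i] ^ body[n + i]; // fixed-time compare
        }
        if (diff != 0) return null; // 2.2 hash mismatch
        uint id = BitConverter.ToUInt32(body, 0);
        if (id <= lastValidId) return null; // 2.3 old ID (repeats rejected too: assumption)
        lastValidId = id;
        return body.Skip(IdSize).Take(n - IdSize).ToArray();
    }
}
```

With two instances built from the same IV, key and secret, a packet from one side's Encrypt decrypts once on the other side; feeding the same ciphertext to Decrypt again, or flipping any byte of it, returns null.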


Extra Notes

Links with related information about encryption in general:

  • https://docs.microsoft.com/en-us/dotnet/standard/security/cryptography-model
  • https://chrishammond.ca/2018/09/03/rijndaelmanaged-aesmanaged-and-aescryptoserviceprovider-simpleaccountlocker-app/
  • http://www.philosophicalgeek.com/2014/10/22/using-memorystream-to-wrap-existing-buffers-gotchas-and-tips/
