Is there call for an encryption plugin?

richard11 · May 1, 2018, 9:54pm

In case anybody still isn’t aware, the upcoming GDPR regulations mean that, among other things, any sensitive data that our apps take should be encrypted for storage and ideally broken up into separate databases, stored at separate physical locations so that for example email addresses and names aren’t contained in the same data table and if either database is breached, the attacker doesn’t leave with a complete record.

We’re actually a web agency more than anything and specialise in ecommerce - games is a bit of a new venture for us - so GDPR is something we’re taking pretty seriously. Perhaps more than most games developers need to.

To try to make things easier for people, I’m wondering if there’s any call for an encryption library in Corona? Basically, we have an in-house PHP library that gives us obfuscate and decipher functions using algorithms that centre around a seed. Each website that we’ve implemented our library in is given a unique seed which affects the algorithms greatly. The algorithms are built in a way that means even knowing them is useless in deciphering obfuscated content without knowing the seed used, but equally the encrypted variant of “ABC” is the same whether that’s the entire string, or if it’s in the middle of a larger entry, meaning that you can still for example search a database for an encrypted string by simply searching the encrypted variant of the search term.

Happy to go into a bit more detail if need be, but in a nutshell, is this something anybody would find useful? Porting could take a bit of time and I must confess, I’m unsure whether Lua already offers similar functions. I’ve had a quick look and could only see one way hashing functions, SHA1/MD5 etc. The strength of our library is that content can be encrypted for storage but still searched within and deciphered again when needed later on.

Thoughts please?

For the record, there are always mouths to feed so this would I’m afraid be a paid plugin, but most like a one time $1 cost that’s all.

anon63346430 · May 1, 2018, 11:47pm

FYI, Corona already offers two-way encryption using the crypto and openssl libraries.

Personally, I use AES 256 bit ciphers with an MD5 hash to encrypt my data and then send that via SSL to my servers. This can then be downloaded and decrypted easily in Corona.

Happy to share code to make an easy plugin? I’ve no time for native stuff.

richard11 · May 2, 2018, 6:01am

Ah, ok. I didn’t see the two way algorithms, only the one way hash options. It might be that a plugin just isn’t needed then.

Do you know if the encrypted result is searchable?

For example, say you have the following names:

John Smith
James Jameson
Edward Scissorhand
Peter Smith

And you store these in a database, encrypted (not a Lua example, sorry. I’m not yet familiar with Lua database calls):

foreach($name as $key => $val) {
dbQuery(‘INSERT INTO tblNames (fldName) VALUES (’’.obfuscate($val).’’)’);
}

The names are then unreadable without deciphering, but with our algorithms you could still for example grab all records that end in Smith, by looking up the encrypted string like this:

$records = dbFetchAll(dbQuery(‘SELECT fldName FROM tblNames WHERE fldName LIKE ‘%’.obfuscate(‘Smith’).’’’);

And then just decrypt for the output:

foreach($records as $key => $val) {
echo decipher($val[‘fldName’]);
}

If this is already possible using crypto then I won’t bother porting our library. If it’s not though, and would be useful to others, then I will.