Crypto
Inherits: RefCounted < Object
Provides access to advanced cryptographic functionalities.
Description
The Crypto class provides access to advanced cryptographic functionalities.
Currently, this includes asymmetric key encryption/decryption, signing/verification, and generating cryptographically secure random bytes, RSA keys, HMAC digests, and self-signed X509Certificates.
```gdscript
var crypto = Crypto.new()

# Generate new RSA key.
var key = crypto.generate_rsa(4096)

# Generate new self-signed certificate with the given key.
var cert = crypto.generate_self_signed_certificate(key, "CN=mydomain.com,O=My Game Company,C=IT")

# Save key and certificate in the user folder.
key.save("user://generated.key")
cert.save("user://generated.crt")

# Encryption
var data = "Some data"
var encrypted = crypto.encrypt(key, data.to_utf8_buffer())

# Decryption
var decrypted = crypto.decrypt(key, encrypted)

# Signing
var signature = crypto.sign(HashingContext.HASH_SHA256, data.sha256_buffer(), key)

# Verifying
var verified = crypto.verify(HashingContext.HASH_SHA256, data.sha256_buffer(), signature, key)

# Checks
assert(verified)
assert(data.to_utf8_buffer() == decrypted)
```
```csharp
using Godot;
using System.Diagnostics;
using System.Linq;

Crypto crypto = new Crypto();

// Generate new RSA key.
CryptoKey key = crypto.GenerateRsa(4096);

// Generate new self-signed certificate with the given key.
X509Certificate cert = crypto.GenerateSelfSignedCertificate(key, "CN=mydomain.com,O=My Game Company,C=IT");

// Save key and certificate in the user folder.
key.Save("user://generated.key");
cert.Save("user://generated.crt");

// Encryption
string data = "Some data";
byte[] encrypted = crypto.Encrypt(key, data.ToUtf8Buffer());

// Decryption
byte[] decrypted = crypto.Decrypt(key, encrypted);

// Signing
byte[] signature = crypto.Sign(HashingContext.HashType.Sha256, data.Sha256Buffer(), key);

// Verifying
bool verified = crypto.Verify(HashingContext.HashType.Sha256, data.Sha256Buffer(), signature, key);

// Checks
Debug.Assert(verified);
// Compare array contents; == on byte[] only compares references.
Debug.Assert(data.ToUtf8Buffer().SequenceEqual(decrypted));
```
Methods
bool constant_time_compare(trusted: PackedByteArray, received: PackedByteArray)
PackedByteArray decrypt(key: CryptoKey, ciphertext: PackedByteArray)
PackedByteArray encrypt(key: CryptoKey, plaintext: PackedByteArray)
PackedByteArray generate_random_bytes(size: int)
CryptoKey generate_rsa(size: int)
X509Certificate generate_self_signed_certificate(key: CryptoKey, issuer_name: String = "CN=myserver,O=myorganisation,C=IT", not_before: String = "20140101000000", not_after: String = "20340101000000")
PackedByteArray hmac_digest(hash_type: HashType, key: PackedByteArray, msg: PackedByteArray)
PackedByteArray sign(hash_type: HashType, hash: PackedByteArray, key: CryptoKey)
bool verify(hash_type: HashType, hash: PackedByteArray, signature: PackedByteArray, key: CryptoKey)
Method Descriptions
bool constant_time_compare(trusted: PackedByteArray, received: PackedByteArray)
Compares two PackedByteArrays for equality without leaking timing information in order to prevent timing attacks.
See this blog post for more information.
PackedByteArray decrypt(key: CryptoKey, ciphertext: PackedByteArray)
Decrypt the given ciphertext with the provided private key.
Note: The maximum size of accepted ciphertext is limited by the key size.
PackedByteArray encrypt(key: CryptoKey, plaintext: PackedByteArray)
Encrypt the given plaintext with the provided public key.
Note: The maximum size of accepted plaintext is limited by the key size.
PackedByteArray generate_random_bytes(size: int)
Generates a PackedByteArray of cryptographically secure random bytes with given size.
CryptoKey generate_rsa(size: int)
Generates an RSA CryptoKey that can be used for creating self-signed certificates and passed to StreamPeerTLS.accept_stream().
X509Certificate generate_self_signed_certificate(key: CryptoKey, issuer_name: String = "CN=myserver,O=myorganisation,C=IT", not_before: String = "20140101000000", not_after: String = "20340101000000")
Generates a self-signed X509Certificate from the given CryptoKey and issuer_name. The certificate validity will be defined by not_before and not_after (first valid date and last valid date). The issuer_name must contain at least "CN=" (common name, i.e. the domain name), "O=" (organization, i.e. your company name), "C=" (country, i.e. the two-letter ISO-3166 code of the country the organization is based in).
A small example to generate an RSA key and an X509 self-signed certificate.
```gdscript
var crypto = Crypto.new()

# Generate 4096 bits RSA key.
var key = crypto.generate_rsa(4096)

# Generate self-signed certificate using the given key.
var cert = crypto.generate_self_signed_certificate(key, "CN=example.com,O=A Game Company,C=IT")
```
```csharp
var crypto = new Crypto();

// Generate 4096 bits RSA key.
CryptoKey key = crypto.GenerateRsa(4096);

// Generate self-signed certificate using the given key.
X509Certificate cert = crypto.GenerateSelfSignedCertificate(key, "CN=mydomain.com,O=My Game Company,C=IT");
```
PackedByteArray hmac_digest(hash_type: HashType, key: PackedByteArray, msg: PackedByteArray)
Generates an HMAC digest of msg using key. The hash_type parameter is the hashing algorithm that is used for the inner and outer hashes.
Currently, only HashingContext.HASH_SHA256 and HashingContext.HASH_SHA1 are supported.
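hmac_digest() and constant_time_compare() are normally used as a pair: the sender appends an HMAC tag to a message, and the receiver recomputes the tag and compares it without leaking timing information. The script below is an added example, not part of the Godot documentation; the function names seal() and unseal(), the 32-byte key length and the sample payload are assumptions chosen for illustration.

```gdscript
extends Node

const TAG_SIZE := 32  # HMAC-SHA256 output length in bytes.

var crypto := Crypto.new()


# Returns the payload followed by its HMAC-SHA256 tag (hypothetical helper).
func seal(key: PackedByteArray, payload: PackedByteArray) -> PackedByteArray:
	var tag := crypto.hmac_digest(HashingContext.HASH_SHA256, key, payload)
	return payload + tag


# Returns the payload if its tag is valid, or null if the packet is
# truncated, was altered, or was sealed with a different key (hypothetical helper).
func unseal(key: PackedByteArray, packet: PackedByteArray) -> Variant:
	if packet.size() < TAG_SIZE:
		return null
	var split := packet.size() - TAG_SIZE
	var payload := packet.slice(0, split)
	var received_tag := packet.slice(split)
	var expected_tag := crypto.hmac_digest(HashingContext.HASH_SHA256, key, payload)
	# The locally computed tag is the "trusted" argument. Comparing with ==
	# could return early on the first differing byte and leak timing.
	if not crypto.constant_time_compare(expected_tag, received_tag):
		return null
	return payload


func _ready() -> void:
	# Shared secret; both sides must hold the same key.
	var key := crypto.generate_random_bytes(32)
	var payload := "score=1200".to_utf8_buffer()  # Constructed sample message.
	var packet := seal(key, payload)

	# An untouched packet verifies and yields the original payload.
	assert(unseal(key, packet) == payload)

	# Changing a single payload bit invalidates the tag.
	var tampered := packet.duplicate()
	tampered[6] = tampered[6] ^ 1
	assert(unseal(key, tampered) == null)

	# A packet sealed under a different key is rejected as well.
	var other_key := crypto.generate_random_bytes(32)
	assert(unseal(other_key, packet) == null)
```

An HMAC tag authenticates the payload but does not hide it, and it does not stop an old valid packet from being replayed.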
PackedByteArray sign(hash_type: HashType, hash: PackedByteArray, key: CryptoKey)
Sign a given hash of type hash_type with the provided private key.
bool verify(hash_type: HashType, hash: PackedByteArray, signature: PackedByteArray, key: CryptoKey)
Verify a given signature for hash of type hash_type against the provided public key.