Is there a way in GDScript to encrypt a short string or byte array using asymmetric encryption?

I have a need to encrypt a short string or byte array using asymmetric encryption. Can this be done using GDScript?

I've seen a couple related enhancement requests but it's unclear if anything has been implemented. If it's not (yet) available in GDScript, any suggestions on doing this?

Thanks.

Not sure about anything built in but you might be able to maybe use an external library via GDNative? Again, haven't looked into if anything already exists but in theory you should be able to bind some library yourself if it comes down to it.

@Megalomaniak said: Not sure about anything built in but you might be able to maybe use an external library via GDNative? Again, haven't looked into if anything already exists but in theory you should be able to bind some library yourself if it comes down to it.

Thanks. I've considered using C# as a last resort. I'm trying to stay pure GDScript.

I don't think you'd need to resort to another lib.

Godot uses mbedtls internally. It's a third party integration. You can find the mbedtls in thirdparty and under modules.

This is a C crypto library.

I would recommend looking through their documentation.

https://tls.mbed.org

and the source: https://github.com/ARMmbed/mbedtls

They provide example programs you might be able to use to generate a GDNative module for yourself:

https://github.com/ARMmbed/mbedtls/tree/development/programs

pkey/rsa_encrypt.c, pkey/rsa_decrypt.c: loads an RSA public/private key and uses it to encrypt/decrypt a short string through the low-level RSA interface.

The string size limitation is artificial but anything larger might require several cipher updates.

Thanks. I'll take a look.

As far as I know, Godot doesn't offer a built-in way to perform asymmetric encryption. It only exposes AES which is symmetric.

Out of curiosity, what kind of content are you looking to encrypt and why? In other words, what's the threat model?

5 days later

@Calinou encrypting via RSA is also good for non-repudiation of the content it encrypts, i.e. only the program with the private key can have encrypted the data that way. The content itself could be hello-world or a (challenge) phrase sent from a server with a client's public key in order to authenticate the sender/holder of data.

I guess I am trying to say, it doesn't have to be a threat.

Generally the underlying encryption package ciphers can be configured using PKI keys. It isn't hard to expose the calls.
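
Added example, not code from any poster in this thread: the original question (encrypt a short byte array with a public key) and the challenge idea described above, in GDScript. It assumes Godot 4's `Crypto`, `CryptoKey` and `HashingContext` classes, which the replies above do not mention; the sample string and the helper name `sha256_of` are constructed for illustration.

```gdscript
extends Node

# Added example; key size, sample data and helper names are assumptions.
var crypto := Crypto.new()

func _ready() -> void:
	# The private key stays with its holder.
	var private_key: CryptoKey = crypto.generate_rsa(2048)

	# Export only the public half; this is the part that gets distributed.
	var public_pem: String = private_key.save_to_string(true)
	var public_key := CryptoKey.new()
	var err := public_key.load_from_string(public_pem, true)
	assert(err == OK)

	# 1) Confidentiality: anyone holding the public key can encrypt a short
	#    message; only the private key holder can decrypt it. The plaintext
	#    must be shorter than the RSA key size.
	var secret: PackedByteArray = "short secret".to_utf8_buffer()
	var ciphertext: PackedByteArray = crypto.encrypt(public_key, secret)
	var recovered: PackedByteArray = crypto.decrypt(private_key, ciphertext)
	assert(recovered == secret)

	# 2) Authentication: the verifier sends a fresh random challenge, the key
	#    holder signs its SHA-256 digest, and the verifier checks the
	#    signature with the public key.
	var challenge: PackedByteArray = crypto.generate_random_bytes(32)
	var digest: PackedByteArray = sha256_of(challenge)
	var signature: PackedByteArray = crypto.sign(
			HashingContext.HASH_SHA256, digest, private_key)
	assert(crypto.verify(
			HashingContext.HASH_SHA256, digest, signature, public_key))

	# A signature over one challenge must not verify for another one, which
	# is what makes a replayed response useless.
	var other: PackedByteArray = sha256_of(crypto.generate_random_bytes(32))
	assert(not crypto.verify(
			HashingContext.HASH_SHA256, other, signature, public_key))

# Hypothetical helper: SHA-256 digest of a byte array.
func sha256_of(data: PackedByteArray) -> PackedByteArray:
	var ctx := HashingContext.new()
	ctx.start(HashingContext.HASH_SHA256)
	ctx.update(data)
	return ctx.finish()
```

The challenge step uses `sign` and `verify` rather than encryption, since proving possession of a private key is a signature operation.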
