查看: 3743|回复: 2
打印 上一主题 下一主题

[经验分享] 在网页播放器使用信任链系统 Using the Chain of Trust system in th...

[复制链接]

1557

主题

1

听众

1万

积分

资深设计师

Rank: 7Rank: 7Rank: 7

纳金币
454
精华
31

最佳新人 活跃会员 热心会员 灌水之王 突出贡献

跳转到指定楼层
楼主
发表于 2013-10-16 16:15:15 |只看该作者 |倒序浏览

In this section you will learn how to create strongly-named assemblies and use them, in conjunction with Javascript, to interact with your own custom back-ends.

在这个模块,你将学会如何强命名和使用程序集,结合Javascript,来与你的自定义后端进行交互。

The Chain of Trust system allows external internet applications to trust requests which originate from within a Unity Web Player. This is useful if you wish to provide a full-featured API to Unity Developers creating games within the Unity Web Player. To use the Chain of Trust system, you must have some sort of internet application backend which accepts requests; the most common example would be a web application with a REST API. You must also have a Managed C# assembly which contains code for calling your internet application.

信任链系统允许外部互联网应用信任来源于Unity Web Player内部的请求。这个对于你向Unity开发者提供一个全功能的API在Unity Web Player开发游戏是很有用的。为了应用Chain of Trust system,你必须有一些能够接受请求的互联网应用程序的后端;最常见的例子是一个网页应用程序带有REST API。同时你还必须包含有沟通你的互联网应用的代码来Managed C#配置。

Generate a key pair 生成密钥对

The first step in establishing a chain of trust is to create the cryptographic key pair needed to sign your assembly. Do this on Windows, OS X or Linux using the SN tool.

第一步建立chain of trust是创立加密密钥需要标记你的配置。是在Window,OS X还是在Linux上使用SN工具。

  • To create a new key pair, open a command line terminal and type: sn -k myNewKey.snk
    为了创立一个新的秘钥,打开一个命令行终端然后输入: sn -k myNewKey.snk
  • Replace myNewKey.snk with the file name you'd prefer for your key pair. The file name does not matter from the point of view of the Chain of Trust system.
    用你将选择作为秘钥的文件名替换myNewKey.snk。文件名和Chain of Trust system的观点没有什么关系。
  • Keep your .SNK file secure! If this file is leaked, a malicious developer can spoof your assembly.
    保持.SNK文件安全稳定!如果文件泄露,恶意开发者可以随意更改你的配置。
Sign your assembly 程序集签名

Next take your Managed C# assembly (which you will use to call your backend), and sign it using the key pair you generated. You will need to use the al tool, which is included with Windows, OS X and Linux.

然后获取Managed C#程序集(你用来调用后端的程序),并使用你生成的秘钥签名。你将需要用到al工具,包含在Windows,OS X和Linux。

Signing the assembly is a simple process.

签名程序集是一个简单的过程。

  • Open a command line terminal, navigate to your Managed C# assembly and type: al /out:mySignedAssembly.dll myUnsignedAssembly.dll /keyfile:myNewSky.snk
    打开一个命令行终端,导航到你的Managed C#程序集然后输入: al /out:mySignedAssembly.dll myUnsignedAssembly.dll /keyfile:myNewSky.snk
    • mySignedAssembly.dll is the desired, final name of your assembly.
      mySignedAssembly.dll是所需的,最终的程序集的名称。
    • myUnsignedAssembly.dll is name of your normal, unsigned Managed C# assembly.
      myUnsignedAssembly.dll 是你的标准未签名的 Managed C#程序集的名称
    • myNewKey.snk is name of your cryptographic key pair file.
      myNewKey.snk是你的加密密钥对文件的名称。
  • Once al finishes running, your signed assembly will be ready. Drop it into your Unity project for use with the Chain of Trust system.
    一旦al完成运行完成,你的签名程序集将准备就绪。将其放进你的Unity项目用于信任链系统。
Inject your secret 加密

You can inject secrets into the Unity Web Player at any time after your Unity game has loaded. This is done with the Javascript SendMessagefunction exposed on the UnityObject2 Javascript object.

在你的Unity游戏已经加载,在任何时候在Unity Web Player里加密。这个是通过Javascript SendMessage暴露在UnityObject2 Javascript对象。

When you pass a specially-formatted message to a certain game object, the Chain of Trust system detects that you want to inject a secret and intercept the message. You do not need to create or rename any game objects to use this system. With a UnityObject2 instance called u the Javascript call will be:

当你通过一种特定格式发送消息给一个特定的游戏项目,信任链系统 就会检测到你想要添加秘钥来拦截消息。你不需要创建或者更改任何游戏项目的名字里用这个系统。用一个UnityObject2实例叫做u,Javascript调用是:

u.GetUnity().SendMessage("ChainOfTrust_SetValueASDF", ".", "name=mySecretDataName;value=mySecretValue;publickey=publicKeyTokenOfMyAssembly");

  • The SendMessage function is similar to the standard MonoBehaviour/SendMessage function. It takes three nominal arguments:
    SendMessage这个工具和MonoBehaviour/SendMessage工具类似。它需要3个标准参数:
    • the name of the target game object, 目标游戏对象的名称
    • the name of the method to invoke, and 名称的调用方法
    • a string argument. 一个字符串参数
  • With the Chain of Trust system, the name of the method is ignored entirely. The name of the target game object must begin withChainOfTrust_SetValue, however, any characters appended after ChainOfTrust_SetValue will be safely ignored.
    带有信任链系统,方法名称被完全忽略。目标游戏项目的名称必须以ChainOfTrust_SetValue开始,然而在ChainOfTrust_SetValue后附加任何字符后就可以安全的忽略了。
  • The formatting of the string argument is very important. The Chain of Trust system will split it into three parts, separated by semicolons. It expects:
    字符串的格式化是很重要的。Chain of Trust system将把它分成3个部分,用分号隔开。它分为:
    • a name, 名称
    • a value and
    • a publickey. 公钥
    Capitalization is important! All three of these keywords must be lower case and followed by an equals sign (=).
    用大写是很重要的!所有这3个关键词必须是小写,后面跟着一个等号(=)。
  • You may provide any name for your secret data. Simply replace mySecretDataName in the example above.
    你可能需要为你的保密数据准备一些name。直接替换上面例子中的mySecretDataName。
  • The value is your shared key, or other secret data that you wish to store in the Chain of Trust system. Precisely what this value consists of is specific to your particular application. Replace mySecretDataValue in the example above.
    Value是你共享的秘钥,或者其它你希望存储在Chain of Trust system的保密数据。这个值恰恰是由特定于您的特定应用程序所确定。在上面的例子中替换mySecretDataValue。
  • The publickey is the public key token with which you signed your Managed C# assembly. You can find it on your signed assembly using the sntool: sn -T mySignedAssembly.dll Copy the entire public key token, without leading or trailing whitespace, and replace myPublicKeyToken in the example above.
    Publickey是你签名的Managed C#程序集的公共秘钥。你可以通过sn工具在你签名的程序集上找到它: sn -T mySignedAssembly.dll 复制整个公共秘钥令牌,不要超前或落后空格,然后在上面 例子中替换myPublicKeyToken。
  • Add random data to the Virtual Game Object's name. You cannot ensure that everyone using the Web Player has the latest version of the Web Player runtime, meaning that not all Web Players will intercept your SendMessage call. If a malicious developer looks at your Javascript and sees the name of the virtual game object and function which you are using, they could create a Unity game which contains a game object with that name and implements that method. In the very specific case that this malicious developer's code runs on an outdated version of the Web Player, then their code could intercept your shared secret and use it to make unwanted calls to your backend. By randomizing the game object's name, it makes it more difficult for someone to intercept your Chain of Trust calls in older runtimes.
    添加随机数据到虚拟游戏项目的名字里面。你不能确保每一个使用Web Player的人在其运行时具有最新版本,意思是不是所有的Web Player都会拦截你的SendMessage通信。如果一个恶意开发者开到你使用的Javascript和你虚拟游戏项目的名字和功能,他们可以创建一个包含一个用那个名字和函数的游戏项目。在非常特殊的情况下,这个恶意开发者的代码运行在一个非常过时的Web Player版本。
Retrieve your secret 解密

Once a secret has been injected into the Unity Web Player, you can only retrieve it with a cryptographically-signed ("strong named") Managed C# assembly with a matching public key token.

一旦加密Unity Web Player,你只能用具有密码签名(“强命名”)Managed C#程序集带有一个匹配的公钥获取。

  • The Managed C# assembly must call Security.GetChainOfTrustValue to retrieve the secret. GetChainOfTrustValue requires you to pass in the name of the secret, as specified at injection time in the name= clause of the payload.
    Managed C#程序集必须调用 Security.GetChainOfTrustValue来取回secret. GetChainOfTrustValue需要你在指定的注入时间有效的 name=条件来传递密码的名称
  • GetChainOfTrustValue returns the value of your secret as a clear-text string, which you can then use within your assembly.
    GetChainOfTrustValue以一串明文的字符串返回你的秘钥的值,然后你可以在程序集使用。
  • For an injection payload name=mySecret;value=superSecretData;publickey=A92181sn828O, the code to retrieve your secret within your Managed C# assembly will be: string myValue = Security.GetChainOfTrustValue("mySecret");
    用于有效载荷name=mySecret;value=superSecretData;publickey=A92181sn828O,代码解密你的Managed C#程序集将是: string myValue = Security.GetChainOfTrustValue("mySecret");
  • As you've gone through a lot of trouble to keep the value of your secret secure, you should not return the secret's value to any functions or code outside your Managed C# assembly.
    当你经过很多麻烦来保证你的秘钥安全的价值,你不应该返回秘钥的价值到你管理的C#配置的功能和代码之外。
  • Any attempts to call Security.GetChainOfTrustValue from code that is not within a signed assembly, or from within a signed assembly whose signature does not match the secret's specified public key, will generate an error in the logs and Security.GetChainOfTrustValue will return an empty string.
    任何尝试调用在代码中调用Security.GetChainOfTrustValue 没有签名程序集,或者签名和公共秘钥不匹配的签名程序集,将在日志中生成错误记录,同时Security.GetChainOfTrustValue也会返回一串空字符串。

分享到: QQ好友和群QQ好友和群 腾讯微博腾讯微博 腾讯朋友腾讯朋友 微信微信
转播转播0 分享淘帖0 收藏收藏0 支持支持0 反对反对0
回复

使用道具 举报

1557

主题

1

听众

1万

积分

资深设计师

Rank: 7Rank: 7Rank: 7

纳金币
454
精华
31

最佳新人 活跃会员 热心会员 灌水之王 突出贡献

沙发
发表于 2013-10-16 16:17:33 |只看该作者
顶一下!!!!
回复

使用道具 举报

955

主题

164

听众

7万

积分

版主

Rank: 7Rank: 7Rank: 7

纳金币
59338
精华
28

活跃会员 荣誉管理 突出贡献 优秀版主 论坛元老

板凳
发表于 2013-10-16 16:38:40 |只看该作者
太密集了,上传时请注意间隔
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

手机版|纳金网 ( 闽ICP备2021016425号-2/3

GMT+8, 2024-11-15 20:24 , Processed in 0.245635 second(s), 31 queries .

Powered by Discuz!-创意设计 X2.5

© 2008-2019 Narkii Inc.

回顶部