Signing a Message and Encryption

Alick Wong
Published in ITNEXT
3 min read · Oct 1, 2019

Image by Pete Linforth from Pixabay

Introduction

There are different kinds of hacking in the mobile game industry. People might modify client data before sending it to the server, or spy on the data coming from the server. The most common way to prevent these kinds of hacks is to encrypt and sign your message before sending it out.

The main difference between “signing a message” and “encrypting a message” is that signing makes sure the message comes from the right source and has not been modified, whereas encrypting makes sure the message can ONLY be read by authorised parties.

In this post, we will focus on the message-signing part.

Public Key and Private Key

I assume you have a basic understanding of encryption. In case you are not familiar with encryption keys, we go through them quickly here:

Usage

  • Content encrypted with the public key can only be decrypted with its private key.
  • Content encrypted with the private key can only be decrypted with its public key.

Public Key

  • For public use, you can upload it to the web, or send it with your message.
  • Mainly used for encryption and for opening a signature (verifying it)

Private Key

  • Should be kept secret; it is better to protect it with a password
  • Mainly used for decryption and for signing a message

About Signing a Message

Why we need to sign a message

  • To prevent data modification by a third party in the middle of the data transfer
  • To make sure the message comes from the right source

How it works

1. Signing the Message

  • ServerA calculates a hash from messageM (the message you want to sign)
  • ServerA encrypts the hash using its private key (this is signing the message)

2. Send out the message and hash

  • ServerA sends messageM and encryptedHash to ClientB (messageM does not need to be encrypted; it is just the original message)

3. Open the Signed Message

  • ClientB decrypts the encryptedHash using the public key from ServerA
  • ClientB calculates the hash of messageM and compares it with the decrypted hash. If the two hashes are the same, messageM is valid and was not modified by a third party in the middle of the transfer.
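
The three steps above as a runnable Node.js example (added here; it is not the author's original code). It assumes RSA-2048 with SHA-256 and a key pair generated in-process; `signMessage`, `buildPacket` and `openSignedPacket` are hypothetical names, and the sample payload is constructed.

```javascript
// Added example: names and sample payloads are constructed for illustration.
const crypto = require('node:crypto');

// ServerA's key pair. Generated in-process here so the example runs offline;
// a real server loads its private key from protected storage.
const serverA = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Step 1: hash messageM with SHA-256 and sign the hash with the private key.
// crypto.sign() does both in one call (RSA with PKCS#1 v1.5 padding by default).
function signMessage(messageM, privateKey) {
  return crypto.sign('sha256', Buffer.from(messageM, 'utf8'), privateKey);
}

// Step 2: messageM travels in the clear, next to the base64 signature.
function buildPacket(messageM, privateKey) {
  return JSON.stringify({
    message: messageM,
    signature: signMessage(messageM, privateKey).toString('base64'),
  });
}

// Step 3: ClientB recomputes the hash of the received message and checks it
// against the signature using ServerA's public key. Malformed input is rejected.
function openSignedPacket(packet, publicKey) {
  let parsed;
  try {
    parsed = JSON.parse(packet);
  } catch {
    return { valid: false, message: null };
  }
  if (!parsed || typeof parsed.message !== 'string' || typeof parsed.signature !== 'string') {
    return { valid: false, message: null };
  }
  const valid = crypto.verify(
    'sha256',
    Buffer.from(parsed.message, 'utf8'),
    publicKey,
    Buffer.from(parsed.signature, 'base64'),
  );
  return { valid, message: valid ? parsed.message : null };
}

// Constructed sample: a reward message, then the same packet altered in transit.
const packet = buildPacket('player=42;coins=100', serverA.privateKey);
const tampered = packet.replace('coins=100', 'coins=999999');
console.log(openSignedPacket(packet, serverA.publicKey).valid);   // true
console.log(openSignedPacket(tampered, serverA.publicKey).valid); // false
```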

Show me the code

Core Code

Config File

Encryption Service

Conclusion

In this post, we only talked about how to make sure the message comes from the right source, but the message can still be read in the middle of the transfer. If we want to make sure the message can only be read by authorised parties, we will need to encrypt the message too.

AWS Solutions Architect. Former co-founder of a game studio. Web Developer. Passionate about web technology. https://www.linkedin.com/in/alick-wong