We present a demo showing how you can keep your web application data encrypted (with decryption key embedded in your application code).

By default, when you build a web application, the data is packed into a ZIP file, and a person that wants to access your data can download this ZIP and unpack the data on their own system (and e.g. extract your 3D models or textures).

The demo on demo_encrypt_decrypt_data shows how to prevent this. The data gets encrypted using BlowFish with your password, and then it is decrypted as you access it from your WebAssembly application. Read the README.md instructions in the demo for

• how to build it,
• how it works,
• how to adopt it to your own applications,
• and, to be clear and explicit, what are the limitations of this approach. It’s not a fool-proof solution to keep your data secret from a dedicated attacker, and there’s no such solution (in any game engine).

The README in the demo_encrypt_decrypt_data project already explains all the details, so if this sounds interesting, please read it 🙂

Big thank you go to UND DREAM Lab for sponsoring this demo through Patreon! Your donations to Castle Game Engine make our engine sustainable.