Using the Chain of Trust system in the Web Player

In this section you will learn how to create strongly-named assemblies and use them, in conjunction with JavaScript, to interact with your own custom back-ends.

The Chain of Trust system allows external internet applications to trust requests which originate from within a Unity Web Player. This is useful if you wish to provide a full-featured API to Unity Developers creating games within the Unity Web Player. To use the Chain of Trust system, you must have some sort of internet application backend which accepts requests; the most common example would be a web application with a REST API. You must also have a Managed C# assembly which contains code for calling your internet application.

Generate a key pair

The first step in establishing a chain of trust is to create the cryptographic key pair needed to sign your assembly. Do this on Windows, OS X or Linux using the SN tool.

  1. To create a new key pair, open a command line terminal and type:
    sn -k myNewKey.snk
  2. Replace myNewKey.snk with the file name you'd prefer for your key pair. The file name does not matter from the point of view of the Chain of Trust system.
  3. Keep your .SNK file secure! The file contains your private key; if it is leaked, a malicious developer can spoof your assembly.

Sign your assembly

Next take your Managed C# assembly (which you will use to call your backend), and sign it using the key pair you generated. You will need to use the al tool, which is included with Windows, OS X and Linux.

Signing the assembly is a simple process.

  1. Open a command line terminal, navigate to your Managed C# assembly and type:
    al /out:mySignedAssembly.dll myUnsignedAssembly.dll /keyfile:myNewKey.snk
    • mySignedAssembly.dll is the desired, final name of your assembly.
    • myUnsignedAssembly.dll is the name of your normal, unsigned Managed C# assembly.
    • myNewKey.snk is the name of your cryptographic key pair file.
  2. Once al finishes running, your signed assembly will be ready. Drop it into your Unity project for use with the Chain of Trust system.

Inject your secret

You can inject secrets into the Unity Web Player at any time after your Unity game has loaded. This is done with the JavaScript SendMessage function exposed on the UnityObject2 JavaScript object.

When you pass a specially-formatted message to a certain game object, the Chain of Trust system detects that you want to inject a secret and intercepts the message. You do not need to create or rename any game objects to use this system. With a UnityObject2 instance called u, the JavaScript call will be:

u.GetUnity().SendMessage("ChainOfTrust_SetValueASDF", ".", "name=mySecretDataName;value=mySecretValue;publickey=publicKeyTokenOfMyAssembly");
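The following is an added example, not part of the Unity documentation or API: a small wrapper that validates the three fields before building the message shown above. The helper names, the 16-hex-character token check and the rejection of ';' inside fields are assumptions made for this example; only GetUnity().SendMessage and the message layout come from this page.

```javascript
// Added example. buildChainOfTrustMessage and injectSecret are hypothetical
// helpers; only the game object name, method argument and message layout
// below are taken from this page.
const COT_OBJECT = "ChainOfTrust_SetValueASDF";
const COT_METHOD = ".";

// A .NET public key token is 8 bytes, written as 16 hex characters.
const TOKEN_RE = /^[0-9a-f]{16}$/;

function buildChainOfTrustMessage(name, value, publicKeyToken) {
  // Assumption: normalise to lower case, the form the sn tool prints.
  const token = String(publicKeyToken).trim().toLowerCase();
  if (!TOKEN_RE.test(token)) {
    throw new Error("publickey must be a 16-hex-character public key token");
  }
  for (const [label, field] of [["name", name], ["value", value]]) {
    if (typeof field !== "string" || field.length === 0) {
      throw new Error(label + " must be a non-empty string");
    }
    // Assumption: the format has no escaping, so a ';' inside a field could
    // be read as the start of another key (for example a second publickey=)
    // and bind the secret to an assembly you did not sign.
    if (field.includes(";")) {
      throw new Error(label + " must not contain ';'");
    }
  }
  if (name.includes("=")) {
    throw new Error("name must not contain '='");
  }
  return "name=" + name + ";value=" + value + ";publickey=" + token;
}

// unityObject is a UnityObject2 instance (called u on this page).
function injectSecret(unityObject, name, value, publicKeyToken) {
  const message = buildChainOfTrustMessage(name, value, publicKeyToken);
  unityObject.GetUnity().SendMessage(COT_OBJECT, COT_METHOD, message);
  return message;
}
```

Call it as injectSecret(u, "mySecretDataName", "mySecretValue", token), where token is the public key token of your signed assembly.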

Retrieve your secret

Once a secret has been injected into the Unity Web Player, you can only retrieve it with a cryptographically-signed ("strong named") Managed C# assembly with a matching public key token.

Page last updated: 2013-03-08