There are two parts to you question, as I read it:
- how do you store binary data at arbitrary locations in a file
- how do you encrypt the data
How do you store binary data at arbitrary locations in a file?
But first, savegame data is usually read into memory at the start of the game and then written back out at the end of the game, or when the user asks for the current state to be saved. So should you be thinking about how to save and recover the whole of the game state, rather than individual bits of it?
In this case, you could easily use a text file to store the ecrypted data. Even if the encryption algorithm produced a binary output, you could easily convert the data to a textual form for storage (e.g. base64 encoding.)
But if you do want to use a binary format, then part of the answer is in Disch's article about how to define the structure of a binary file.
Disch's tutorial to good binary files
The other part involves the istream::seekg method, which allows you to set the file pointer at any position in a file. You then use read and write to update the file.
Note that there is no ostream::seekg -- but you can use fstream, which inherits from both ostream and istream, to update files using seekg and write. A gottcha is that even if you only want to write to the file, you must still open it using both the in and out flags or the file will be truncated.
A couple more, last things about reading and writing data:
- if the savedata is going to be created on and used on a single machine, then you do not need to worry about endian-ness. That is only relevant if you need to transmit or copy data to other machines, and even then only if you're swapping between Windows (little-endian) and Linux (big-endian) computers.
- If you save and read the data all at the same time, you will be able to define a "SaveData" struct and use it to read and write the whole lot in one go. This will be dead easy if you don't have to worry about endian-ness.
How do you encrypt the data?
Well, the first thing to consider is how secure you need (or want) the data to be.
If you just want to deter regular users from altering the data, you could use use a simple encryption algorithm, like XOR. But if you want to use full strength encryption, you need something like AES; for this I'd probably use a cryptographic library (including Microsoft's CryptoAPI and CNG API) rather than code it myself (or "borrow" the code.)
But unless you plan to protect your application against debugging somehow, the full strength approach won't be any use against a real cracker as the keys will be visible in memory. They'll just run your app under a debugger and watch to see what functions you call and what their parameters are. So the simple approach is probably more appropriate for your use. Though linking the cryptographic calls in directly would make life a bit harder for them.
If you want to implement you own encryption, this alorithm might be of interest:
Tiny Encryption Algorithm
(I found out about it here, when checking my facts for this post:
please suggest a good encryption library
If you do go for a cryptographic library, you have the Microsoft API:
Cryptography API: Next Generation
Encrypting Data with CNG
A number of open source libraries, including:
Crypto++ Library 5.6.2
Speedtest and Comparsion of Open-Source Cryptography Libraries and Compiler Flags