Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Packet encryption using RSA #1996

Open
Measurity opened this issue Mar 4, 2023 · 3 comments · May be fixed by #2030
Open

Packet encryption using RSA #1996

Measurity opened this issue Mar 4, 2023 · 3 comments · May be fixed by #2030
Labels
Area: netcode Related to packet serialization and networking algorithms Type: enhancement Issue is to be solved by implementing new features

Comments

@Measurity
Copy link
Collaborator

Measurity commented Mar 4, 2023
edited

Describe the issue

Packets should be encrypted using symmetric encryption for privacy with reasonable speed. The password/key for the symmetric encryption is provided using an asymmetric encryption like RSA. This process is called envelope encryption.

How to implement

  1. Each server should generate a unique asymmetric private/public key pair (per save file?).
  2. The server announces only the public key when a client joins.
  3. The client will then generate a unique password that should be used for all packet encryption going forward, and encrypt it using the public key from server. Then the client sends the RSA encrypted symmetric encryption password to the server.
  4. A confirmation packet is sent to verify that the symmetric encryption is understood by both client and server using the client-side generated password.

If a client rejoins, the steps are repeated as-is. The client does not need to remember the public key since it might be changed in the future by server.

Further improvements and side notes

  • We can use the client generated password as authentication to the server (if it is remembered by server) instead of player name as is currently the case. But it's probably better to separate encryption from authentication and provide a new unique string to the server on join as authentication token.
@Measurity Measurity added Area: netcode Related to packet serialization and networking algorithms Type: enhancement Issue is to be solved by implementing new features labels Mar 4, 2023
@killzoms
Copy link
Collaborator

killzoms commented Mar 4, 2023

On Steam we can get an ID that is unique to each steam account that we can use, while on Epic Games... I believe there is a similar method. BUT Microsoft Store does not have this feature, Discord SDK might however

@tornac1234
Copy link
Collaborator

We could probably make an auth portal or smth that could even accept google authentication

@Measurity Measurity linked a pull request Apr 27, 2023 that will close this issue
Draft
4 tasks
@RokeJulianLockhart
Copy link

RokeJulianLockhart commented Oct 31, 2023
edited

#1996 (comment)

@tornac1234, Google OAuth is unavailable in some countries. Something more resilient (albeit basic) like OpenID might be better...?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area: netcode Related to packet serialization and networking algorithms Type: enhancement Issue is to be solved by implementing new features
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add optional packet encryption Measurity/Nitrox
4 participants
@Measurity @killzoms @tornac1234 @RokeJulianLockhart