Encryption utilities
The following components are used for encryption-related interactions (generally needed when communicating with the server after an encryption request during the login process).
mcproto.encryption.decrypt_token_and_secret
decrypt_token_and_secret(private_key: RSAPrivateKey, verification_token: bytes, shared_secret: bytes) -> tuple[bytes, bytes]
Decrypts the verification token and shared secret with the server's private key.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
private_key | RSAPrivateKey | The RSA private key generated by the server | required |
verification_token | bytes | The verification token encrypted and sent by the client | required |
shared_secret | bytes | The shared secret encrypted and sent by the client | required |
Returns:
Type | Description |
---|---|
tuple[bytes, bytes] | A tuple containing (decrypted token, decrypted secret) |
mcproto.encryption.encrypt_token_and_secret
encrypt_token_and_secret(public_key: RSAPublicKey, verification_token: bytes, shared_secret: bytes) -> tuple[bytes, bytes]
Encrypts the verification token and shared secret with the server's public key.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
public_key | RSAPublicKey | The RSA public key provided by the server | required |
verification_token | bytes | The verification token provided by the server | required |
shared_secret | bytes | The generated shared secret | required |
Returns:
Type | Description |
---|---|
tuple[bytes, bytes] | A tuple containing (encrypted token, encrypted secret) |
mcproto.encryption.generate_rsa_key
generate_rsa_key() -> RSAPrivateKey
Generate a random RSA key pair for the server.
This key pair will be used for the LoginEncryptionRequest packet, where the client will be sent the public part of this key pair, which will be used to encrypt the shared secret (and verification token) sent in the LoginEncryptionResponse packet. The server will then use the private part of this key pair to decrypt them.
This will be a 1024-bit RSA key pair.
mcproto.encryption.generate_shared_secret
generate_shared_secret() -> bytes
Generate a random shared secret for the client.
This secret will be sent to the server in the LoginEncryptionResponse packet, and used to encrypt all future communication afterwards.
This will be symmetric encryption using the AES/CFB8 stream cipher, and the shared secret will be 16 bytes long.
mcproto.encryption.generate_verify_token
generate_verify_token() -> bytes
Generate a random verify token.
This token will be sent by the server in LoginEncryptionRequest, to be encrypted by the client as a form of verification.
This token doesn't need to be cryptographically secure; it's just a sanity check that the client has encrypted the data correctly.
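The exchange described under generate_rsa_key, generate_shared_secret and generate_verify_token above, written directly against the cryptography package as an added example (this is not mcproto's own implementation). Assumptions not stated on this page: PKCS#1 v1.5 RSA padding, a 4-byte verify token, and the shared secret doubling as the AES/CFB8 IV; all function names here are hypothetical.

```python
import os

from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes


def server_begin():
    """Server: 1024-bit key pair and verify token for LoginEncryptionRequest."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=1024)
    return private_key, os.urandom(4)  # 4-byte token length is an assumption


def client_respond(public_key, verify_token):
    """Client: pick the 16-byte secret, RSA-encrypt it and the token."""
    shared_secret = os.urandom(16)
    enc_token = public_key.encrypt(verify_token, PKCS1v15())
    enc_secret = public_key.encrypt(shared_secret, PKCS1v15())
    return shared_secret, enc_token, enc_secret


def server_finish(private_key, sent_token, enc_token, enc_secret):
    """Server: decrypt both values and stop the login if either check fails."""
    token = private_key.decrypt(enc_token, PKCS1v15())
    secret = private_key.decrypt(enc_secret, PKCS1v15())
    if token != sent_token:
        raise ValueError("verify token mismatch")
    if len(secret) != 16:
        raise ValueError("shared secret must be 16 bytes")
    return secret


def stream_ciphers(shared_secret):
    """AES/CFB8 encryptor and decryptor; IV = key is an assumption."""
    cipher = Cipher(algorithms.AES(shared_secret), modes.CFB8(shared_secret))
    return cipher.encryptor(), cipher.decryptor()


def handshake_demo():
    """Run both sides end to end on a constructed payload."""
    private_key, verify_token = server_begin()
    client_secret, enc_token, enc_secret = client_respond(private_key.public_key(), verify_token)
    server_secret = server_finish(private_key, verify_token, enc_token, enc_secret)
    client_enc, _ = stream_ciphers(client_secret)
    _, server_dec = stream_ciphers(server_secret)
    # CFB8 works byte by byte: keep one context per direction for the session.
    wire = client_enc.update(b"\x03\x00\x01") + client_enc.update(b"constructed packet")
    plain = server_dec.update(wire[:5]) + server_dec.update(wire[5:])
    return client_secret == server_secret, plain
```

The encryptor and decryptor are stateful, so creating a fresh cipher per packet would desynchronise the stream after the first one.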