
Encryption utilities

The following components are used for encryption-related interactions (generally needed during communication with the server, after an encryption request during the login process).

mcproto.encryption.decrypt_token_and_secret

decrypt_token_and_secret(private_key: RSAPrivateKey, verification_token: bytes, shared_secret: bytes) -> tuple[bytes, bytes]

Decrypts the verification token and shared secret with the server's private key.

:param private_key: The RSA private key generated by the server
:param verification_token: The verification token encrypted and sent by the client
:param shared_secret: The shared secret encrypted and sent by the client
:return: A tuple containing (decrypted token, decrypted secret)

mcproto.encryption.encrypt_token_and_secret

encrypt_token_and_secret(public_key: RSAPublicKey, verification_token: bytes, shared_secret: bytes) -> tuple[bytes, bytes]

Encrypts the verification token and shared secret with the server's public key.

:param public_key: The RSA public key provided by the server
:param verification_token: The verification token provided by the server
:param shared_secret: The generated shared secret
:return: A tuple containing (encrypted token, encrypted secret)

mcproto.encryption.generate_rsa_key

generate_rsa_key() -> RSAPrivateKey

Generate a random RSA key pair for the server.

This key pair will be used for the :class:`~mcproto.packets.login.login.LoginEncryptionRequest` packet, in which the client is sent the public part of this key pair. The client uses it to encrypt the shared secret (and verification token) sent in the :class:`~mcproto.packets.login.login.LoginEncryptionResponse` packet. The server then uses the private part of this key pair to decrypt them.

This will be a 1024-bit RSA key pair.

mcproto.encryption.generate_shared_secret

generate_shared_secret() -> bytes

Generate a random shared secret for the client.

This secret will be sent to the server in the :class:`~mcproto.packets.login.login.LoginEncryptionResponse` packet, and used to encrypt all future communication afterwards.

This will be symmetric encryption using the AES/CFB8 stream cipher. The shared secret will be 16 bytes long.

mcproto.encryption.generate_verify_token

generate_verify_token() -> bytes

Generate a random verify token.

This token will be sent by the server in :class:`~mcproto.packets.login.login.LoginEncryptionRequest`, to be encrypted by the client as a form of verification.

This token doesn't need to be cryptographically secure; it's just a sanity check that the client has encrypted the data correctly.
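
The exchange these functions support, from key generation to the first encrypted bytes, as an added example written directly against the `cryptography` package (not mcproto's own code; all function names here are hypothetical). It assumes three things this page does not state: PKCS#1 v1.5 padding for the RSA step, a 4-byte verify token, and the shared secret doubling as the AES/CFB8 IV.

```python
import hmac
import os

from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

def server_hello():
    """Server: 1024-bit RSA key pair plus a random verify token (4 bytes assumed)."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=1024)
    return private_key, os.urandom(4)

def client_response(public_key, verify_token):
    """Client: generate the 16-byte shared secret, encrypt it and the token."""
    shared_secret = os.urandom(16)
    pad = padding.PKCS1v15()  # assumed padding scheme
    return (shared_secret,
            public_key.encrypt(verify_token, pad),
            public_key.encrypt(shared_secret, pad))

def server_accept(private_key, expected_token, enc_token, enc_secret):
    """Server: decrypt both values; refuse the login on any mismatch."""
    pad = padding.PKCS1v15()
    token = private_key.decrypt(enc_token, pad)
    secret = private_key.decrypt(enc_secret, pad)
    if not hmac.compare_digest(token, expected_token):
        raise ValueError("verify token mismatch")
    if len(secret) != 16:
        raise ValueError("shared secret must be 16 bytes")
    return secret

def stream_ciphers(shared_secret):
    """AES/CFB8 encryptor and decryptor; IV = shared secret (assumed)."""
    cipher = Cipher(algorithms.AES(shared_secret), modes.CFB8(shared_secret))
    return cipher.encryptor(), cipher.decryptor()

def demo():
    """Run the handshake, then push two constructed payloads through the stream."""
    private_key, token = server_hello()
    client_secret, enc_token, enc_secret = client_response(
        private_key.public_key(), token)
    server_secret = server_accept(private_key, token, enc_token, enc_secret)
    # One cipher object per direction lives for the whole connection:
    # CFB8 state carries over from packet to packet.
    client_enc, _ = stream_ciphers(client_secret)
    _, server_dec = stream_ciphers(server_secret)
    packets = [b"\x03\x00\x01\x02", b"hello"]  # constructed sample payloads
    wire = [client_enc.update(p) for p in packets]
    return packets, wire, [server_dec.update(w) for w in wire]
```

Creating a fresh cipher for each packet instead of reusing the connection-wide one desynchronises the two ends after the first packet.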