Encryption utilities

The following components are used for encryption-related interactions (generally needed during communication with the server, after an encryption request during the login process).

mcproto.encryption.decrypt_token_and_secret

Decrypts the verification token and shared secret with the server's private key.

Parameters:

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| private_key | RSAPrivateKey | The RSA private key generated by the server | required |
| verification_token | bytes | The verification token encrypted and sent by the client | required |
| shared_secret | bytes | The shared secret encrypted and sent by the client | required |

Returns:

| Type | Description |
| --- | --- |
| tuple[bytes, bytes] | A tuple containing (decrypted token, decrypted secret) |

mcproto.encryption.encrypt_token_and_secret

Encrypts the verification token and shared secret with the server's public key.

Parameters:

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| public_key | RSAPublicKey | The RSA public key provided by the server | required |
| verification_token | bytes | The verification token provided by the server | required |
| shared_secret | bytes | The generated shared secret | required |

Returns:

| Type | Description |
| --- | --- |
| tuple[bytes, bytes] | A tuple containing (encrypted token, encrypted secret) |

mcproto.encryption.generate_rsa_key

generate_rsa_key() -> RSAPrivateKey

Generate a random RSA key pair for the server.

This key pair will be used for the LoginEncryptionRequest packet: the client is sent the public part of the key pair and uses it to encrypt the shared secret (and verification token) sent in the LoginEncryptionResponse packet. The server then uses the private part of the key pair to decrypt them.

This will be a 1024-bit RSA key pair.

mcproto.encryption.generate_shared_secret

generate_shared_secret() -> bytes

Generate a random shared secret for the client.

This secret will be sent to the server in the LoginEncryptionResponse packet and used to encrypt all future communication afterwards.

The encryption is symmetric, using the AES/CFB8 stream cipher, and the shared secret is 16 bytes long.

mcproto.encryption.generate_verify_token

generate_verify_token() -> bytes

Generate a random verify token.

This token will be sent by the server in LoginEncryptionRequest, to be encrypted by the client as a form of verification.

This token doesn't need to be cryptographically secure; it's just a sanity check that the client has encrypted the data correctly.
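The exchange these functions describe, end to end, as an added example written directly against the `cryptography` package (it is not mcproto's own code, and every function name in it is hypothetical). Assumptions not stated on this page: PKCS#1 v1.5 padding for the RSA step, a 4-byte verify token, and the shared secret serving as both AES key and IV.

```python
# Added example: hypothetical helper names, not mcproto's API.
import hmac
import os

from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

PAD = padding.PKCS1v15()  # assumption: the page does not state the padding


def server_begin():
    """Server: key pair and token that go into LoginEncryptionRequest."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=1024)
    return private_key, os.urandom(4)  # 4-byte token length is an assumption


def client_respond(public_key, verify_token):
    """Client: create the 16-byte secret, encrypt it and the token."""
    shared_secret = os.urandom(16)
    return (shared_secret,
            public_key.encrypt(verify_token, PAD),
            public_key.encrypt(shared_secret, PAD))


def server_finish(private_key, sent_token, enc_token, enc_secret):
    """Server: decrypt both values; keep the secret only if the token matches."""
    try:
        token = private_key.decrypt(enc_token, PAD)
        secret = private_key.decrypt(enc_secret, PAD)
    except ValueError:  # ciphertext the key cannot process
        return None
    if not hmac.compare_digest(token, sent_token) or len(secret) != 16:
        return None
    return secret


def stream_ciphers(shared_secret):
    """AES/CFB8 encryptor and decryptor; secret as key and IV (assumption)."""
    cipher = Cipher(algorithms.AES(shared_secret), modes.CFB8(shared_secret))
    return cipher.encryptor(), cipher.decryptor()


def demo():
    key, token = server_begin()
    client_secret, enc_token, enc_secret = client_respond(key.public_key(), token)
    server_secret = server_finish(key, token, enc_token, enc_secret)
    wrong_token = bytes(b ^ 0xFF for b in token)  # constructed mismatch
    rejected = server_finish(key, wrong_token, enc_token, enc_secret)
    enc, _ = stream_ciphers(client_secret)
    _, dec = stream_ciphers(server_secret)
    wire = enc.update(b"constructed packet bytes")
    return server_secret == client_secret, rejected, dec.update(wire)
```

`demo()` returns whether both sides hold the same secret, the result of a response checked against a different token (`None`), and the packet bytes recovered on the server side.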