Exchanging Keys for encryption

dragagon
edited June 2011 in DotNet
I am attempting to use the built in encryption provided by Photon. Originally I had assumed that the server would automatically exchange keys, but found that the moment I added the encrypt parameter, it told me I had to exchange keys first.

I began to do some digging around and found a few functions/classes, but it still isn't clicking for how you exchange the keys.

I found PhotonPeer.OpExchangeKeysForEncryption() which sends an OperationCode of 95 to the server. The server does not handle this, so it seems that I need to write a function to handle OperationCode 95. I found the DiffieHellmanKeyExchange class, which can build a shared key from the public key. I'm assuming that one of the parameters in the exchange is the public key and that I can recreate the shared key by doing something like:
    [Operation(OperationCode = (byte)95)]
    public OperationResponse OperationKeyExchange(Peer peer, OperationRequest request)
    {
        // Look for the client's public key among the request parameters.
        foreach (KeyValuePair<short, object> pair in request.Params)
        {
            if (pair.Value is byte[])
            {
                // InitializeEncryption returns the server's public key; this draft
                // discards that return value and builds no OperationResponse, so
                // nothing is sent back to the client.
                peer.PhotonPeer.InitializeEncryption((byte[])pair.Value);
            }
        }
    }

Is there something else I'm missing? The client didn't like it when I just made the call to PhotonPeer.OpExchangeKeysForEncryption(), claiming that I still didn't exchange keys. Do I still need to create another key on the server side, send it in the response and have it call DeriveSharedKey?

Is there some example code written? I know there was talk about putting it on DevNet, but I haven't found anything in my Google or forum searches.

Thanks,
Christian

Comments

  • BenStahl
    The InitializeEncryption method returns the server's generated public key, which has to be sent back to the client.
    The Lite application which comes with the Photon server SDK includes code which handles the encryption initialization. Have a look at the HandleEstablishSecureCommunication method of the OperationRequestDispatcher class.
  • Tobias
    In other words: You don't have to add server code if you extend Lite or LiteLobby.
    On the client side, the keys are handed to your listener in an operation response. Take a look at the Game.cs from the Realtime Demo. In OperationResult(), it has a case for this operation-result, which applies the keys:

    case (byte)LiteOpCode.ExchangeKeysForEncryption:
        this.DebugReturn("OpExchangeKeysForEncryption response: " + SupportClass.HashtableToString(returnValues));
        this.peer.DeriveSharedKey((byte[])returnValues[(byte)LiteOpKey.ServerKey]);
        break;

    Hope this helps.
  • dragagon
    Ben and Tobias,

    Yes, both posts were very helpful. I had started from the blank photon server so that I could recreate your MMO Demo from scratch and then break at the point where I felt it necessary for my game. Thanks to both of you, my client can now send encrypted operations.

    Thanks again,
    Christian
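The exchange Ben and Tobias describe above, modelled as a plain Diffie-Hellman round trip so both sides' messages are visible: the client sends its public key under operation code 95, the server answers with its own public key (what InitializeEncryption() returns) and the client finishes with DeriveSharedKey(). This is an added example written for this page, not Photon code or anything from the Photon SDK. The operation code 95 and the ServerKey parameter come from the thread; the RFC 3526 group 14 parameters, the numeric parameter keys, the dictionary message layout and the SHA-256 key derivation are assumptions made for illustration. The `tamper` hook and the HMAC tag go beyond the thread to show what a substituted server key does to the agreement and how the agreed key is then used.

```python
"""
Model of the Photon-style key exchange from the thread (added example, not
Photon code). Op code 95 and "ServerKey" are from the thread; the DH group,
parameter keys, message dicts and KDF are assumptions for illustration.
"""
import hashlib
import hmac
import secrets

# RFC 3526 group 14: 2048-bit MODP safe prime, generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
KEY_BYTES = 256                 # byte length of one group element

OP_EXCHANGE_KEYS = 95           # operation code named in the thread
PARAM_CLIENT_KEY = 1            # parameter keys: assumed, not Photon's values
PARAM_SERVER_KEY = 2            # stands in for LiteOpKey.ServerKey


class DiffieHellmanParty:
    """One side of the exchange, holding a fresh ephemeral private key."""

    def __init__(self):
        self._private = secrets.randbelow(P - 2) + 1
        self.public_key = pow(G, self._private, P)
        self.shared_key = None

    def derive_shared_key(self, peer_public_key: int) -> bytes:
        """Combine the peer's public key with our private key.
        0, 1 and P-1 are rejected: they force a predictable secret."""
        if not 1 < peer_public_key < P - 1:
            raise ValueError("peer public key out of range")
        secret = pow(peer_public_key, self._private, P)
        # Reduce the raw group element to a 32-byte symmetric key (assumed KDF).
        self.shared_key = hashlib.sha256(secret.to_bytes(KEY_BYTES, "big")).digest()
        return self.shared_key


def server_handle_exchange_keys(request: dict) -> tuple[dict, DiffieHellmanParty]:
    """Server handler for op 95, the role Lite's HandleEstablishSecureCommunication
    fills: derive the shared key and answer with our own public key."""
    if request["op"] != OP_EXCHANGE_KEYS:
        raise ValueError("not a key exchange request")
    client_key = int.from_bytes(request["params"][PARAM_CLIENT_KEY], "big")
    server = DiffieHellmanParty()
    server.derive_shared_key(client_key)             # InitializeEncryption() step
    response = {
        "op": OP_EXCHANGE_KEYS,
        "params": {PARAM_SERVER_KEY: server.public_key.to_bytes(KEY_BYTES, "big")},
    }
    return response, server


def client_exchange_keys(client: DiffieHellmanParty, send) -> bytes:
    """Client side: OpExchangeKeysForEncryption(), then DeriveSharedKey() on the
    ServerKey parameter of the response, as in the OperationResult() case above."""
    request = {
        "op": OP_EXCHANGE_KEYS,
        "params": {PARAM_CLIENT_KEY: client.public_key.to_bytes(KEY_BYTES, "big")},
    }
    response = send(request)
    server_key = int.from_bytes(response["params"][PARAM_SERVER_KEY], "big")
    return client.derive_shared_key(server_key)


def run_exchange(tamper=None) -> tuple[bytes, bytes]:
    """Run the round trip over an in-memory 'wire'. `tamper`, if given, may
    rewrite the server response in transit, to show what an interposer does."""
    client = DiffieHellmanParty()
    holder = {}

    def wire(request):
        response, holder["server"] = server_handle_exchange_keys(request)
        return tamper(response) if tamper else response

    client_key = client_exchange_keys(client, wire)
    return client_key, holder["server"].shared_key


def tag_operation(shared_key: bytes, payload: bytes) -> bytes:
    """Authenticate an operation payload with the agreed key (HMAC-SHA256)."""
    return hmac.new(shared_key, payload, hashlib.sha256).digest()


if __name__ == "__main__":
    client_key, server_key = run_exchange()
    payload = b"constructed operation payload"          # constructed sample input
    print("keys match:", client_key == server_key)
    print("server accepts client tag:",
          hmac.compare_digest(tag_operation(client_key, payload),
                              tag_operation(server_key, payload)))
```

Both sides end up with the same 32-byte key only if the server public key reaches the client unmodified; pass a `tamper` function that substitutes another party's public key and the two derived keys diverge, which is the general limitation of any unauthenticated Diffie-Hellman round trip modelled here, not a statement about Photon's transport.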