Rivest–Shamir–Adleman (RSA) cryptosystem in Luau

The documentation stated above mentions how to use this library correctly!

By nature
if you have to encrypt a file
you're doing it wrong

1 Like

I can think of one use-case;

Say you have an admin system and when you press like \ to do the hidden commands you could encrypt those to make those SUPER secret. (preventing remote event spy thingy hacky)

1 Like

Security through obscurity is like putting a key under your doormat
not a good idea

2 Likes

Horrible use case. The only valid use case I know so far is to learn/educate

1 Like

This is a use case:

It will also be added to a new model I’m making. More info on that coming soon!

Teleport data seems like the only use case for this, but this is quite nice to include.

Use case is using RSA256 to sign JSON Web Tokens in server → server context (you cannot imagine how grateful I am to find this at midnight after thinking I had to ditch a project because managing Roblox → OAuth2 → endpoint is a huge pain) [at least provided, I’m doing this correctly]

7 Likes

I have one that I’m working on right now. It’s to encrypt data between the client and the server to prevent Remote Spy from getting any information that an exploiter can use. This is, of course, above and beyond the standard practice of securing remotes on the server.

1 Like

How would one use this with raw binary data?

I managed to make this work with strings by converting them into numbers, possibly you could do the same.

Will you add padding to this eventually?

Is there a module that allows the reverse of this to be true, allowing the data to be encrypted with the private key and decrypted with the public key?

Very cool module, thank you for sharing

1 Like

Will there be higher key sizes support? Can you use this to make an E2EE (End to end encrypted) chat for AES key exchange?

Yes! However, I recently noticed that I messed up with the key length. It’s actually doubled so if you want RSA-512 you have to use RSA.newKeys(256) :sweat_smile:

This library will get an update so it won’t be a problem in the future, as well as other things I have planned.

Of course!

What about 2048 or 4096 bits? Would I use RSA.newKeys(1024) then? 2048 bits is considered secure from brute force today.

Yes, like that! If you wanted 4096 bits, you would use RSA.newKeys(2048). Notice however that currently the multiplication algorithm is not optimal for these use cases, so you would have to add some task.wait() in the main module.

For E2EE chat implementation, how would I use the module’s verify function? I was thinking of showing the hash of the public key on the user and recipient’s end, if they are the same, it is verified.

The verify function currently compares two bigInts and verifies if both have equal quantity.

It is intended for when starting a signing process. It usually works with the sender hashing the message, decrypting and sending it along with the original one. The receiver then decrypts the message, encrypts its hash and here’s where the verify function is used.
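The hash-then-sign flow discussed in the post above, as an added example that is not part of the thread or the module's own code. It is written in Python with raw modular exponentiation so it assumes none of the module's function names; the key is built from two well-known Mersenne primes purely for illustration and there is no padding, so neither the key nor the scheme is secure.

```python
import hashlib

# Constructed demo key from two known Mersenne primes. NOT a secure choice:
# real keys use random secret primes, and real signatures use padding (e.g. PSS).
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def digest_int(message: bytes) -> int:
    """SHA-256 of the message as an integer (256 bits, so always below N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sender: hash the message, then apply the private-key operation."""
    return pow(digest_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: apply the public-key operation to the signature and
    compare the resulting integer with a freshly computed hash."""
    if not 0 < signature < N:
        return False                # reject out-of-range values outright
    return pow(signature, E, N) == digest_int(message)


def demo() -> dict:
    msg = b"hello from the sender"  # constructed sample message
    sig = sign(msg)                 # sent together with msg
    return {
        "genuine": verify(msg, sig),
        "tampered_message": verify(b"hello from someone else", sig),
        "tampered_signature": verify(msg, sig ^ 1),
        # The modulus length is the sum of the two prime lengths (521 + 607).
        "modulus_bits": N.bit_length(),
    }


if __name__ == "__main__":
    print(demo())
```

The final comparison in `verify` is the step where two big integers are checked for equality; everything before it only produces those two integers.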

How do I get around the Script timeout? Like you said, I can put task.wait(), but the whole purpose of my Roblox game is E2EE chat, so I’m not adding that and making it the fastest.

It seems like the live Roblox game client does not have a script timeout, but the client closes if it freezes for too long.