Rivest–Shamir–Adleman (RSA) cryptosystem in Luau

This is a use case:

It will also be added to a new model I’m making. More info on that coming soon!

Teleport data seems like the only use case for this, but this is quite nice to include.

Use case is using RSA256 to sign JSON Web Tokens in server → server context (you cannot imagine how grateful I am to find this at midnight after thinking I had to ditch a project because managing Roblox → OAuth2 → endpoint is a huge pain) [at least provided, I’m doing this correctly]

7 Likes

I have one that I’m working on right now. It’s to encrypt data between the client and the server to prevent Remote Spy from getting any information that an exploiter can use. This is, of course, above and beyond the standard practice of securing remotes on the server.

1 Like

How would one use this with raw binary data?

I managed to make this work with strings by converting them into numbers, possibly you could do the same.

Will you add padding to this eventually?

Is there a module that allows the reverse of this to be true, allowing the data to be encrypted with the private key and decrypted with the public key?

very cool module, thank you for sharing

1 Like

Will there be higher key sizes support? Can you use this to make an E2EE (End to end encrypted) chat for AES key exchange?

Yes! However, I recently noticed that I messed up with the key length. It’s actually doubled so if you want RSA-512 you have to use RSA.newKeys(256) :sweat_smile:

This library will get an update so it won’t be a problem in the future, as well as other things I have planned.

Of course!

What about 2048 or 4096 bits? Would I use RSA.newKeys(1024) then? 2048 bits is considered secure from brute force today.

Yes, like that! If you’ve wanted 4096 bits, you would use RSA.newKeys(2048). Notice however that currently the multiplication algorithm is not optimal for these use cases, so you would have to add some task.wait() in the main module.

For E2EE chat implementation, how would I use the module’s verify function? I was thinking of showing the hash of the public key on the user and recipient’s end, if they are the same, it is verified.

The verify function currently compares two bigInts and verifies if both have equal quantity.

It is intended when starting a signing process, it usually works with the sender hashing the message, decrypting and sending it along with the original one. The reciever then decrypts the message, encrypt its hash and here’s where verify function is used.

How do I get around the Script timeout? Like you said, I can put task.wait(), but the whole purpose of my Roblox game is E2EE chat, so I’m not adding that and making it the fastest.

It seems like the live Roblox game client does not have a script timeout, but the client closes if it freezes for too long.

You’d be better of with aes or chacha. RSA key gen is very slow

I have to use RSA for AES key exchange, how else am I supposed to pass the AES key??! Telling the player to give the AES key to the recipient using other communication methods???

You’d replace rsa with Elliptic Curve Diffie-Hellman. ECC provides the same security level with smaller key sizes (e.g., a 256-bit ECC key is comparable to a 3,072-bit RSA key)

So I use the ECC module that is in EncryptedNet? It seems like the keypair function doesn’t let me put the amount of bits as in strength.

Yeah

I’ve never used EncryptedNet before just found it while mooching around so I’m not sure how it handles custom bit sizes