RoEncrypt - RSA Encrypt for Roblox


RoEncrypt is a module that enables RSA encryption using Roblox.

What is RSA Encrypt?
How RSA was born

RSA (Rivest–Shamir–Adleman) is a public-key cryptosystem that is widely used for secure data transmission. It is also one of the oldest. The acronym RSA comes from the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who publicly described the algorithm in 1977. An equivalent system was developed secretly, in 1973 at GCHQ (the British signals intelligence agency), by the English mathematician Clifford Cocks. That system was declassified in 1997.[1]

Wikipedia

RSA (cryptosystem) - Wikipedia

How does RSA encrypt?

First of all, RSA makes the keys.
There are two keys, a public key and a private key.
RSA uses these keys to encrypt and decrypt.
However, these keys have rules.
Characters encrypted with a public key can only be decrypted with a private key.
Conversely, characters encrypted with a private key can only be decrypted with a public key.

This is how RSA works.

Example code (Create Keys -> Encrypt -> Decrypt)
```lua
local RoEncrypt = require(game.ServerScriptService.RoEncrypt)
local httpservice = game:GetService("HttpService")

-- Time the key generation.
print("Generating RSA key pair...")
local start = os.clock()

local publicKey, privateKey = RoEncrypt.KeyGen.generateKeyPair()

-- Prints both keys to the output, including the private key.
print("Public key: "..httpservice:JSONEncode(publicKey))
print("Private key: "..httpservice:JSONEncode(privateKey))

print("Finished! Took " .. math.ceil(os.clock() - start) .. " seconds to generate keypair.")

local byteSize = 8
local bits = 256

local startTime = os.clock()

local msg = "hello" -- Maximum message size is bits / byteSize
print("Encrypting message...")
-- Pack the message bytes into a single number, then transform it with the private key.
local res = RoEncrypt.Crypt.bytesToNumber(RoEncrypt.Crypt.stringToBytes(msg), bits, byteSize)
local encrypted = RoEncrypt.Crypt.crypt(privateKey, res)
print("Finished! Took " .. os.clock() - startTime .. " seconds to encrypt.")
print("encrypted: "..encrypted)

startTime = os.clock()
print("Decrypting message...")
-- Reverse the transform with the public key, then unpack the number into bytes.
local decrypted = RoEncrypt.Crypt.crypt(publicKey, encrypted)
local decryptedBytes = RoEncrypt.Crypt.numberToBytes(decrypted, bits, byteSize)
print("Finished! Took " .. os.clock() - startTime .. " seconds to decrypt.")
print("decrypted: "..RoEncrypt.Crypt.bytesToString(decryptedBytes))
```

Get module here:

https://www.roblox.com/library/5850898296/RoEncrypt

17 Likes
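The key rule from the first post (what one key transforms, only the other key reverses), worked through in plain Lua with a constructed toy key. This is an added example, not RoEncrypt's code; it assumes textbook RSA without padding, since the page does not show whether the module pads, and it goes one step further than the post by showing that unpadded output can be combined without any key.

```lua
-- Constructed toy key (p = 61, q = 53); real keys are thousands of bits long.
local n, e, d = 3233, 17, 2753

-- Square-and-multiply modular exponentiation: (base ^ exp) % mod.
local function modexp(base, exp, mod)
	local result = 1
	base = base % mod
	while exp > 0 do
		if exp % 2 == 1 then
			result = (result * base) % mod
		end
		base = (base * base) % mod
		exp = math.floor(exp / 2)
	end
	return result
end

-- Textbook RSA is the same operation in both directions; only the exponent differs.
local function crypt(exponent, number)
	return modexp(number, exponent, n)
end

local m = 65 -- constructed message, must be smaller than n

-- Direction 1: the public exponent encrypts, only the private exponent recovers m.
local c = crypt(e, m)
assert(c == 2790 and crypt(d, c) == m)

-- Direction 2 (the order used in the first post's example): the private
-- exponent transforms m, and the public key, which is not secret, recovers it.
-- This is the signing direction; it does not hide m from anyone.
local s = crypt(d, m)
assert(crypt(e, s) == m)

-- Without padding the scheme is malleable: the product of two ciphertexts is a
-- valid ciphertext of the product of the plaintexts, computed with no key.
-- Padding schemes such as OAEP exist to remove this property.
local combined = (c * crypt(e, 2)) % n
assert(crypt(d, combined) == (m * 2) % n)

print(c, s, combined)
```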

Seems pretty cool and useful actually, I’ll test out when I am available!

2 Likes

Just for documentation’s sake since this is under the Community Resources category, could you explain what use cases developers might have for using this module? Who would this best target for use?

1 Like

During communication such as RemoteEvent, HTTPService, etc.

1 Like

Specific examples please. Systems that you can create that might require encryption, or some interesting uses of it. For example, encrypting chats on a roleplay radio system where frequencies are shared for all teams and you need a key to see unencrypted chats (typical radio encryption probably wouldn’t be RSA, but just an idea). Listing services and objects on Roblox are too broad for developers, especially novice ones, to get an understanding of what your module can be used for.

Additionally, correct me if I’m wrong, but shouldn’t this not be used for RemoteEvents? That sounds like security through obscurity waiting to happen. Additionally, you would need a client-side method of sending a valid key which could be breached by an exploiter to spoof for remotes. How would encryption perform in that field as opposed to argument validation? Validation in itself is already quite secure, bar some areas where you need to allow just a bit of leeway (which then you (can) start looking into sanitisation there), but I don’t see it with encryption.

1 Like
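Server-side argument validation, which the comment above contrasts with encrypting remote arguments, sketched in plain Lua as an added example (not code from the thread or from RoEncrypt). The purchase remote, the catalogue, `validatePurchase`, `remote` and `getCoins` are all hypothetical names.

```lua
-- Server-side catalogue: prices live on the server, never in the remote's arguments.
local CATALOGUE = { Sword = 100, Shield = 75 } -- constructed sample data
local MAX_QUANTITY = 10

-- Returns the total cost, or nil plus a reason when the arguments are rejected.
-- `coins` comes from server state; everything after it comes from the client.
local function validatePurchase(coins, itemName, quantity, ...)
	if select("#", ...) > 0 then
		return nil, "unexpected extra arguments"
	end
	if type(itemName) ~= "string" or CATALOGUE[itemName] == nil then
		return nil, "unknown item"
	end
	if type(quantity) ~= "number" or quantity % 1 ~= 0 then
		return nil, "quantity is not a whole number" -- also rejects NaN and inf
	end
	if quantity < 1 or quantity > MAX_QUANTITY then
		return nil, "quantity out of range"
	end
	local total = CATALOGUE[itemName] * quantity
	if total > coins then
		return nil, "not enough coins"
	end
	return total
end

-- Constructed calls covering the malformed shapes a handler has to expect.
assert(validatePurchase(500, "Sword", 2) == 200)
assert(validatePurchase(500, "Sword", -5) == nil)        -- negative quantity
assert(validatePurchase(500, "Sword", 0/0) == nil)       -- NaN
assert(validatePurchase(500, "Sword", 1.5) == nil)       -- fractional quantity
assert(validatePurchase(500, { "Sword" }, 1) == nil)     -- wrong type
assert(validatePurchase(500, "AdminBlade", 1) == nil)    -- not in the catalogue
assert(validatePurchase(500, "Sword", 1, "free") == nil) -- extra argument
assert(validatePurchase(50, "Sword", 1) == nil)          -- cannot afford

-- In Roblox the check would sit in the remote's server handler, for example:
-- remote.OnServerEvent:Connect(function(player, ...)
--     local total, reason = validatePurchase(getCoins(player), ...)
-- end)
```

Every decision here rests on server-held data (the catalogue and the coin balance), so it holds whether or not the arguments were encrypted in transit.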

This RSA encryption only encrypts the data and does not protect the data from spoofing.

I’m making a sample now.

1 Like

He doesn’t need to give examples, he is supplying a resource to the community for people who need it. If you don’t know what this is then you are not going to need it.

12 Likes

Actually, OP giving examples would be pretty nice. I would love to see ways to use this module on game in the future.

After reviewing the code here’s what I have to say.

  1. Obfuscating your code with IronBrew V2 or one of its descendants was a terrible choice. IronBrew V2 can be easily constant dumped using this code:

```lua
-- Wrap table.concat so every string it builds is also printed.
local old = table.concat
table.concat = function(brr) print(old(brr)) return old(brr) end
```

  2. Obfuscating your code shouldn’t be necessary. When using something to encrypt data, its source should be publicly accessible. There shouldn’t be ways to decrypt the data without being the encryptor.

  3. One example case was to use the module to encrypt remote arguments. Using this module to constantly encrypt the arguments will cause immense amounts of lag due to the fact that the server will keep having to run an obfuscated module per remote. IronBrew2 takes longer and makes more lag depending on how large the script is.

Anyhow, I recommend posting the source code onto GitHub. If your encryption module has flaws that are visible in the source that can decrypt the data with said flaws, then you need to fix that.

If you want a better obfuscator that has no public constant dumping methods, I recommend DMing @clv2 on Discord in hopes of being invited into ClvBrew. clv’s Discord is clv#7323

3 Likes

Can not. I got this output:

use Lua Online Compiler & Interpreter - Replit

paste those 2 lines at the top, then paste the obfuscated script under the “table.concat” script
mainscript

Constants for Crypt
Constants for KeyGen

If the original source won’t be included in the module you might want to move this to #help-and-feedback:cool-creations since open-source is required for #resources:community-resources.

It’s not.


This is not code…

Yes, that is why it says constants, not source.

1 Like

No, what I said is that there is no such constant.

EDIT: Also, wait, tostring, etc. is not a valid constant
oof

Sorry but I get the impression that your module is just an obfuscated version of this open source implementation: RSA encryption and decryption library in pure Lua for ComputerCraft · GitHub

There are many similarities between the constants of your obfuscated code and the strings in the source, ex:
image

Why would you release publicly available code obfuscated? (especially in this category)

7 Likes

Yes, this is the Roblox optimized version of this code.
Since this is originally for CC (Computer Craft), it will not work with ordinary Lua.

Don’t you think it would be good to credit the original author?

Also, can you elaborate on your optimizations to the code? The only difference I’ve noticed is that you’ve changed the io.open code to take an argument instead, and localized 2 global variables

The rest is 1:1 the same.

6 Likes

Replaced functions, services, etc. that can only be used within CC.