Skip to content

Commit ea626b5

Browse files
TwoTenPvPTwoTenPvP
committed
Improved encryption documentation
1 parent 1bb7a8f commit ea626b5

File tree

1 file changed

+21
-1
lines changed

1 file changed

+21
-1
lines changed

docs/_docs/advanced-topics/message-encryption.md

Lines changed: 21 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,8 +3,28 @@ title: Message Encryption
33
permalink: /wiki/message-encryption/
44
---
55

6+
### Inner Workings
67
If Encryption is enabled in the NetworkConfig, a ECDHE Keyexchange will take place to establish a shared key, unique for every client and session. If SignKeyExchange is also enabled, the Server will provide it's SSL certificate for the client to use. This is essentially a clone of the TLS handshake and validation.
78

89
The certificate validation method can be changed with a delegate in the CryptographyHelper, but it defaults to the default .NET validation and checks that the hostname is valid or is "127.0.0.1", note that the certificate only has to be set on the server and only PFX formats is supported. The PFX Base64 string has to include the private key.
910

10-
If you want to use custom encryption or just need a shared secret between the server and client, you can grab the key that the MLAPI got in the handshake key-exchange from the CryptographyHelper.
11+
If you want to use custom encryption or just need a shared secret between the server and client, you can grab the key that the MLAPI got in the handshake key-exchange from the CryptographyHelper.
12+
13+
### Encrypted and/or Authenticated RPC
14+
Since encryption can be quite intimidating for many new programmers. The MLAPI makes it super easy to encrypt and authenticate your rpc messages. This is the most common way of using encryption in the MLAPI.
15+
16+
When sending RPC's you can set an optional security flag. This will decide whether your message is encrypted, authenticated or both.
17+
18+
```csharp
19+
// For the examples below the channel is null, this will use the default channel
20+
21+
// Plain text
22+
InvokeServerRPC(MyRpcMethod, myRpcMethodParam, null, SecuritySendFlags.None);
23+
// Encrypted, IV appended
24+
InvokeServerRPC(MyRpcMethod, myRpcMethodParam, null, SecuritySendFlags.Encrypted);
25+
// Authenticated
26+
InvokeServerRPC(MyRpcMethod, myRpcMethodParam, null, SecuritySendFlags.Authenticated);
27+
// Encrypted, then the encrypted version is authenticated. Including the IV
28+
InvokeServerRPC(MyRpcMethod, myRpcMethodParam, null, SecuritySendFlags.Encrypted | SecuritySendFlags.Authenticated);
29+
```
30+

0 commit comments

Comments
 (0)