Individual private key for every server #3502

Open
Zbizu opened this issue Jul 19, 2021 · 1 comment

Comments


Zbizu commented Jul 19, 2021

Current problem

The private key is publicly available. This creates a security risk.
I am aware that most of the code will be in the client or related tools, but adding an option to get the public key through protocolstatus is a good start.

Explanation of what you want to do that is currently impossible

Generate a private key for the server without making a custom client with a dedicated public key.
It could be generated during the first launch of the server, using the current timestamp and other system data as input.

Desired functionality

  • generate a private key if one wasn't generated before
  • send the public key through protocolstatus (the same way OT lists communicate to get server info)

otclient example:
character list -> input the server address -> the client asks for the public key

  • the server responds: connect using the obtained public key
  • the server ignores the request: connect using the default public key

other client(s) example:

IP-changing tool sets the IP, port and default public key -> asks the server for a custom public key -> if the server responds, the tool changes the public key in the client again

Available workarounds

Embedding the public key in the client manually, then asking the players to download it

Prior art

otclient script to get server info (intended to refresh the status of servers before login, but never finished);
this could be edited to request the public key from the server

```lua
-- @docclass
ProtocolStatus = extends(Protocol, "ProtocolStatus")

-- Request flags, matching the REQUEST_* bits TFS reads from the u16 that follows 0xFF 0x01
local REQUEST_BASIC_SERVER_INFO = 1 -- name, ip, port
local REQUEST_PLAYERS_INFO = 8      -- online, max, record

function ProtocolStatus:login(host, port)
  -- g_clock.millis() is wall-clock time; os.clock() is CPU time and does not advance
  -- while we wait on the socket, so it cannot be used to measure ping
  self.ping = g_clock.millis()
  self.retrievedServerInfo = {}

  if string.len(host) == 0 or port == nil or port == 0 then
    signalcall(self.onStatusError, self, tr("You must enter a valid server address and port."))
    return
  end

  self.connectCallback = self.sendStatusPacket
  self:connect(host, port)
end

function ProtocolStatus:sendStatusPacket()
  local msg = OutputMessage.create()
  msg:addU8(0xFF) -- status protocol identifier
  msg:addU8(0x01) -- binary info request
  -- TFS reads the requested-info flags as a u16; sending a single byte here leaves
  -- the server with an incomplete request and an empty answer
  msg:addU16(REQUEST_BASIC_SERVER_INFO + REQUEST_PLAYERS_INFO)

  -- The legacy XML status request would be 0xFF 0xFF followed by "info" instead:
  --msg:addU8(0xff)
  --msg:addU8(0xff)
  --msg:addU8(0x69) -- 'i'
  --msg:addU8(0x6e) -- 'n'
  --msg:addU8(0x66) -- 'f'
  --msg:addU8(0x6f) -- 'o'

  self:send(msg)
  self:recv()
end

function ProtocolStatus:onConnect()
  self.gotConnection = true
  self:connectCallback()
  self.connectCallback = nil
end

function ProtocolStatus:onRecv(msg)
  self.ping = g_clock.millis() - self.ping

  -- basic server info section: one tag byte, then three strings
  msg:skipBytes(1)
  self.retrievedServerInfo.name = msg:getString()
  self.retrievedServerInfo.ip = msg:getString()
  self.retrievedServerInfo.port = msg:getString()

  -- players section: one tag byte, then online / max / record as u32
  msg:skipBytes(1)
  self.retrievedServerInfo.online = {msg:getU32(), msg:getU32(), msg:getU32()}

  pinfo("ping: " .. self.ping .. "ms")
  pinfo("Server name: " .. self.retrievedServerInfo.name)
  pinfo("Address: " .. self.retrievedServerInfo.ip .. ":" .. self.retrievedServerInfo.port)
  pinfo("online: " .. self.retrievedServerInfo.online[1] .. "/" .. self.retrievedServerInfo.online[2] .. " (" .. self.retrievedServerInfo.online[3] .. ")")

  self:disconnect()
end

function ProtocolStatus:parseError(msg)
  local errorMessage = msg:getString()
  signalcall(self.onStatusError, self, errorMessage)
end

function ProtocolStatus:onError(msg, code)
  local text = translateNetworkError(code, self:isConnecting(), msg)
  signalcall(self.onStatusError, self, text)
end

function testRequest(ip, port)
  -- kept global so the protocol object stays alive while the request is in flight
  protocolStatus = ProtocolStatus.create()
  protocolStatus.onStatusError = function(protocol, text)
    perror("status request failed: " .. text)
  end
  protocolStatus:login(ip, port)
end
```

Zbizu commented Jul 20, 2021

The cryptoPP lib, which is already in TFS, can be used.

generating a key pair with cryptoPP (not mine):
https://gist.github.com/TimSC/5251670

PEM encoding:
https://www.cryptopp.com/wiki/PEM_Pack
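Added example, not part of the issue and not TFS or otclient code: a self-contained Go program that puts the two halves of the proposal together, the per-server key handling from this comment and the status-protocol exchange with fallback from the issue body. It uses Go's standard library in place of the Crypto++ and PEM_Pack links above, since the point is the design rather than the library. `loadOrCreateKey` generates an RSA key on first launch only if the PEM file is absent, draws it from the OS CSPRNG rather than from timestamps or other system data (an attacker can guess those, so they are not usable as entropy), writes it with mode 0600 and reloads it on later launches. `serveStatus` answers a `0xFF 0x01 <u16 flags>` request of the kind the Lua script above sends: the existing basic-info section, plus a public-key section only if the client asked for it and the server has the feature. `pickPublicKey` is the client side: it takes the server's key when one is present and parses as an RSA public key, uses the client's built-in default when the server stayed silent, and refuses anything else. The flag value `0x100` and the response tag `0x30` are assumptions chosen for this example, not values TFS defines, and the sample IP and port are constructed. One caveat the proposal does not state: a key fetched over the same unauthenticated connection can be swapped by anyone able to tamper with that traffic, so this removes the shared, publicly known key but does not by itself authenticate the server.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/binary"
	"encoding/pem"
	"errors"
	"io"
	"os"
)

const reqBasicServerInfo uint16 = 0x01 // the basic-info flag the Lua script above requests
const reqPublicKey uint16 = 0x100      // hypothetical: an unused bit of the u16 request flags
const respPublicKeyTag byte = 0x30     // hypothetical: response section tag carrying the key

// loadOrCreateKey loads the server's PEM private key or, on first launch, generates one
// from the OS CSPRNG (not from timestamps) and writes it readable by the owner only (0600).
func loadOrCreateKey(path string, bits int) (*rsa.PrivateKey, bool, error) {
	if data, err := os.ReadFile(path); err == nil {
		if block, _ := pem.Decode(data); block != nil && block.Type == "RSA PRIVATE KEY" {
			key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
			return key, false, err
		}
		return nil, false, errors.New("key file is not a PEM RSA PRIVATE KEY")
	} else if !errors.Is(err, os.ErrNotExist) {
		return nil, false, err // e.g. permission denied: do not silently mint a new key
	}
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, false, err
	}
	der := x509.MarshalPKCS1PrivateKey(key)
	return key, true, os.WriteFile(path, pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}), 0o600)
}

// Tibia-style strings on the wire: u16 little-endian length prefix, then the bytes.
func putString(b *bytes.Buffer, s string) {
	binary.Write(b, binary.LittleEndian, uint16(len(s)))
	b.WriteString(s)
}

func getString(r *bytes.Reader) (string, error) {
	var n uint16
	if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
		return "", err
	}
	buf := make([]byte, n)
	_, err := io.ReadFull(r, buf) // a short read means a truncated message, not an empty string
	return string(buf), err
}

// serveStatus is the server's answer to 0xFF 0x01 <flags>. It emits only sections it knows;
// pub == nil models a server without the feature, which simply omits the key section.
func serveStatus(flags uint16, name string, pub *rsa.PublicKey) []byte {
	var out bytes.Buffer
	if flags&reqBasicServerInfo != 0 {
		out.WriteByte(0x10) // basic server info section
		for _, s := range []string{name, "127.0.0.1", "7171"} { // constructed sample values
			putString(&out, s)
		}
	}
	if pub != nil && flags&reqPublicKey != 0 {
		out.WriteByte(respPublicKeyTag)
		der := x509.MarshalPKCS1PublicKey(pub)
		putString(&out, string(pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY", Bytes: der})))
	}
	return out.Bytes()
}

// pickPublicKey is the client side: the server's key and true if one was sent and parses,
// the built-in fallback and false if the server stayed silent, an error for anything else.
func pickPublicKey(resp []byte, fallback *rsa.PublicKey) (*rsa.PublicKey, bool, error) {
	r := bytes.NewReader(resp)
	for r.Len() > 0 {
		switch tag, _ := r.ReadByte(); tag {
		case 0x10: // basic info: name, ip, port
			for i := 0; i < 3; i++ {
				if _, err := getString(r); err != nil {
					return nil, false, err
				}
			}
		case respPublicKeyTag:
			s, err := getString(r)
			if err != nil {
				return nil, false, err
			}
			block, _ := pem.Decode([]byte(s))
			if block == nil || block.Type != "RSA PUBLIC KEY" {
				return nil, false, errors.New("server sent a malformed public key")
			}
			pub, err := x509.ParsePKCS1PublicKey(block.Bytes)
			return pub, err == nil, err
		default:
			return nil, false, errors.New("unknown status section")
		}
	}
	return fallback, false, nil
}
```

The client never feeds unparsed bytes into its RSA layer: a payload that is not a PEM RSA public key, or one cut short by the u16 length prefix, is an error rather than a silent fallback, so a broken or hostile server cannot make the client encrypt its login under garbage. The sections carry no length of their own, which is why the client has to know how to walk each tag it recognises and stop at anything else.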
