You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Private key is publicly available. This creates a security risk.
I am aware that most of the code will be in the client or related tools, but adding an option to get a public key through protocolstatus is a good start.
Explanation of what you want to do that is currently impossible
Generate a private key for the server without making a custom client with a dedicated public key.
Could be generated during first launch of the server using current timestamp and other system data as input.
Desired functionality
generate a private key if wasn't generated before
Send the public key through protocolstatus (the same way OT lists communicate to get server info)
otclient example:
character list -> input the server address -> the client asks for public key
the server responds: connect using obtained public key
the server ignores the request: connect using default public key
other client(s) example:
ip changing tool sets the ip, port and default public key -> asks the server for custom public key -> if the server responds, the tool changes the public key in the client again
Available workarounds
Embedding public key in the client manually, then asking the players to download it
Prior art
otclient script to get server info (intended to refresh the status of servers before login, but never finished)
this could be edited to request the public key from the server
-- @docclass
ProtocolStatus = extends(Protocol, "ProtocolStatus")
function ProtocolStatus:login(host, port)
self.ping = os.clock()
self.retreivedServerInfo = {}
if string.len(host) == 0 or port == nil or port == 0 then
signalcall(self.onStatusError, self, tr("You must enter a valid server address and port."))
return
end
self.connectCallback = self.sendStatusPacket
self:connect(host, port)
end
function ProtocolStatus:sendStatusPacket()
local msg = OutputMessage.create()
msg:addU8(255)
msg:addU8(1)
msg:addU8(9)
--msg:addU8(0xff)
--msg:addU8(0xff)
--msg:addU8(0x69)
--msg:addU8(0x6e)
--msg:addU8(0x66)
--msg:addU8(0x6f)
self:send(msg)
self:recv()
end
function ProtocolStatus:onConnect()
self.gotConnection = true
self:connectCallback()
self.connectCallback = nil
end
function ProtocolStatus:onRecv(msg)
local msg_t = {}
local msg_str = ""
self.ping = os.clock() - self.ping
self.ping = math.floor(self.ping * 1000)
msg:skipBytes(1)
self.retreivedServerInfo.name = msg:getString()
self.retreivedServerInfo.ip = msg:getString()
self.retreivedServerInfo.port = msg:getString()
msg:skipBytes(1)
self.retreivedServerInfo.online = {msg:getU32(), msg:getU32(), msg:getU32()}
pinfo("ping: " .. self.ping .. "ms")
pinfo("Server name: " .. self.retreivedServerInfo.name)
pinfo("Address: " .. self.retreivedServerInfo.ip .. ":" .. self.retreivedServerInfo.port)
pinfo("online: " .. self.retreivedServerInfo.online[1] .. "/" .. self.retreivedServerInfo.online[2] .. " (" .. self.retreivedServerInfo.online[3] .. ")")
self:disconnect()
end
function ProtocolStatus:parseError(msg)
local errorMessage = msg:getString()
signalcall(self.onStatusError, self, errorMessage)
end
function ProtocolStatus:onError(msg, code)
local text = translateNetworkError(code, self:isConnecting(), msg)
signalcall(self.onStatusError, self, text)
end
function testRequest(ip, port)
protocolStatus = ProtocolStatus.create()
protocolStatus.onStatusError = onError
protocolStatus:login(ip, port)
end
The text was updated successfully, but these errors were encountered:
Current problem
Private key is publicly available. This creates a security risk.
I am aware that most of the code will be in the client or related tools, but adding an option to get a public key through protocolstatus is a good start.
Explanation of what you want to do that is currently impossible
Generate a private key for the server without making a custom client with a dedicated public key.
Could be generated during first launch of the server using current timestamp and other system data as input.
Desired functionality
otclient example:
character list -> input the server address -> the client asks for public key
other client(s) example:
ip changing tool sets the ip, port and default public key -> asks the server for custom public key -> if the server responds, the tool changes the public key in the client again
Available workarounds
Embedding public key in the client manually, then asking the players to download it
Prior art
otclient script to get server info (intended to refresh the status of servers before login, but never finished)
this could be edited to request the public key from the server
The text was updated successfully, but these errors were encountered: