Godot Multiplayer - DTLS Encryption with SSL Certificates | Godot Dedicated Server #7

Video Statistics and Information

Captions
Whoa, what are you doing here? Are you eavesdropping? I'm trying to log into my bank, are you crazy? Luckily I don't have to worry that much, because my connection is secure, indicated by the S in HTTPS. I've also got this padlock telling me my connection is secure, that there's a certificate and that it is valid. All that means is that a 4096-bit encryption method is protecting the line, securing the line between my device and the servers of Bank of America. I'm going to be teaching you in this Godot tutorial how you can create these certificates for yourself within Godot, and then use them on top of our network architecture to protect the usernames and passwords of our players when they try to log into the game. Let's get started.

Whether you watched all previous tutorials or just dropped into the series for the very first time, it doesn't really matter. This tutorial is pretty much standalone and you can apply the lessons that I'm going to be teaching you to pretty much any project. For those of you that follow along, consider it an extension of the project. For those of you that just dropped in, consider what I'm going to be doing a demonstration. So with that out of the way: I've alluded a number of times in the previous six episodes to the importance of security and your responsibility as a game developer to protect the passwords and usernames of your players. So in this tutorial we're going to be protecting the connection between the clients and the gateway. We'll use different methods in future tutorials to protect the connection between the gateway and authentication server, and the authentication server and the game servers. The connection between the clients and the game servers is not going to be protected with encryption, as that would increase the latency too much. We have used network token verification in the last episode, number six, to ensure that there are no unauthorized players logging into the clients. So with that said, the first thing we need is an SSL certificate, so let's get that going.

So to create our certificate we're going to start out with a new project, and I hear you say: "OMG server, we already got four projects, we need a fifth one?" Yeah, technically we don't need a fifth one, but the certificate generator is going to be reusable indefinitely in the future, for this project but also for your future multiplayer projects, and having a separate project is going to help you to just generate more certificates in the future without having to redo this code. So consider it a little bit of an application by itself to generate your certificates. I've called this the X509 Certificate Generator, and X509 is not a funny name, that's actually sort of like the technical indicator of the encryption method that's behind the SSL certificate, so that's why I call it that.

So we're going to open this up. I've already programmed it and I'm just going to show you how I've done it. It's not that complicated actually, Godot makes it really easy. I simply created a new normal node, just a normal node. I've called it X509 Generator and I gave it a script, and on that script this is everything you need to create your certificate. What we do is we first define two file names, so these are going to be the output, what is going to be produced: we're going to get a certificate and we're going to get a key. So we're going to call the certificate X509 certificate and the key X509 key. The file types are crt for the certificate and key for the key. Kind of logical, isn't it? Then we also define two paths where we want to save these files to, and I'm simply going to be using the standard default username. If you want to put this as a real application into a separate folder, you could go to Project, Project Settings, and under Config you could set Use Custom User Directory to on. That way it's not going to go into the Godot user files but into a separate user folder. But yeah, that's just details really. So we're going to be creating this as a little folder called Certificate and we're going to be appending those file names and key names to it, so that would be the location where we store this stuff.

Now when we generate a certificate we need a couple of things, and I've actually made sure that I have that open. When we generate a certificate we need a crypto key, and that's the key we're going to be making. Then we also need to input a string of the issuer name: that's basically your server, or in the case of websites your domain name, then it's O, my organization, and C is the country code, letter based on ISO something something, pretty sure it's down here, ah, here, ISO 3166. If you don't know your country code you can google that with your country name and it will give you the country code that you have to use. Then we can also optionally put two extra variables in there, that's not before and not after. That's going to give you a date range through which that is valid. By default it's 2014 January 1st midnight up to 2034 January 1st midnight, but we probably want to be changing this, especially once you release your game and you want to have your certificates certified or verified by an independent body. Then I believe they only accept a certificate that has a maximum duration of one year, so that's something to keep in mind. However, what is important to see here is that this issuer name that we have to give is one long string. It's not like separate arguments that we have to pass in, we pass in one long string. That's kind of important.

So back to the project. This is basically that string that we have to input, and we are simply just going to be building that string up. So I've separated all of this: the CN, the my server, I'm just going to call it Multiplayer Tutorial; my organization, I'm from the Game Development Center (subscribe!); and the country code, well, I'm in the Netherlands so I used NL. Now for the not before and not after, I set that to October the 23rd, it's like the 24th I think today, and we're going to make it valid up till the 22nd of October, one minute before midnight. So with that said, these are sort of like the settings that you can just reset. You need a new certificate, just change these settings and you're good to go. You got a new project, just change the project name. You got a new date, just change the dates and you're going to be good. So this is pretty much like your options menu. You could export these variables as well if you find that comfortable, I don't really care.

So we're just going to run under the ready function. We're going to create a new directory, because maybe if this is the first time you make it, this certificate directory doesn't exist yet and then we have to make it. So we're going to check if that directory exists, and if it exists, well, then we don't have to do anything; if it doesn't, then we're going to make it, easy as that. Then we're going to run our function create X509 certificate, and if that is done we print "certificate created" so we can check whether things actually happened.

Then when we create the certificate we're first going to be creating that long string that we see on the top there, so now you know that that's what that does, I can now delete that. I'm going to call it the CNOC, I just appended all those letters. That's going to be the string CN plus CN, so plus Multiplayer Tutorial, plus comma O is, and then that's going to be Game Development Center with this O, and then the C is then going to be of course NL, and like that we get one string that we can then put right there into our generate self-signed certificate. Then we're going to need this crypto key, so for that we need a Crypto class. We're going to create a new one for that, and in the Crypto class we're going to generate RSA and then the 4096, indicating the 4096 bits that we need. That is going to be stored as the crypto key. Then we are going to be generating our certificate. We do that with that function, that is also a function that's part of the Crypto class, so you do have to call that Crypto class there. We input the crypto key, we input our issuer string, we input the not before and the not after, and just like that we have a certificate created. This key is important and that certificate is important, so we're going to be saving both of them to the paths that we have indicated on the top there, and just like that we actually have a certificate.

So I got that folder in one of these, right here. Here you can see the path name, I'll zoom in a little bit, where this is going to be stored. This is the standard default if you don't use a unique directory. If you do use a unique directory, instead of Godot app_userdata, right after Roaming it would have said X509 Certificate Generator, Certificate. So you're just basically cutting that piece of Godot app_userdata out there if you use the little tick box that I showed you in the project settings. Okay, but you can see it's empty right now. Now I'm just going to play my project, and right here we can see in the output "certificate created". Now I can close the project, and if I open my folder I suddenly have a certificate and a key. Here we go, we got a certificate.

Now there's one important thing to note, and this is, as you've probably noticed, a self-signed certificate, and it doesn't sound super secure, and you're right. So let's talk just 30 seconds about that and then we'll get going on how we can actually use these certificates for securing our connection.

Hey, remember this page? When I hover over this "certificate valid" we see that it's been issued by the Entrust Certification Authority. That means that a third party has signed off on this certificate and it is not self-signed. What our browsers do when we're browsing the internet, you know, the Edges and Chromes that we use every day: whenever they communicate with a website they're going to receive the certificate of that website and they're going to validate or verify that against international databases to see if it's verified and third-party signed. That's why this pop-up appears here, and if that certificate is not valid, it's verified and comes back false, we're going to get these kinds of things: a big red cross telling us that it's invalid, it's out of date or it's self-signed. Now of course Godot is not going to throw us these kinds of pop-ups, but Godot by default does verify the certificate that we provide against those international databases. So we need a third party, you would think. But at the same time, you know, going to a third party is going to cost you a couple of dollars. Not a lot, don't worry, I quickly googled for you: 10, 25 is what you can expect per year, so it's not that expensive. However, if we can make sure that we don't have those costs during development and only have to start incurring those costs when we actually release a game, that would be better, right? So Godot provides a function that is called dtls_verify. It's basically a parameter, and by default it's on true, and just by setting that to false we'll be able to use these self-signed certificates during our development, and only once we are actually releasing the game do we have to start worrying about going to a third party and paying those couple of bucks to actually have them signed off.

So we have our certificate, self-signed. Now we want to do something with it. I'm here on my Godot project with the four separate sub-projects: the client, the game server, the gateway and the authentication server. Under the client, we'll do that one first, I'm going to go to Resources. I've created a new folder here, Certificate, and I've added the certificate that came out of the generator, I've added that to here. Now this is super important, get this right: don't ever give that key file to the client, because then the player has access to it and that key file is supposed to stay private. If the player gets that key file you're basically nullifying any type of security you had hopes to increase using these techniques, because they can simply sign the certificates themselves and just basically bypass whatever you just did. So don't give the key file to the client. Going back, now going to the gateway: added a new folder, Certificate, and here I have added both the certificate and the key. That means that the certificate files on both the client and the gateway are identical, they're the same, they're copies of each other, and only the server is going to get that key file.

With the files in our folders I'm now going to switch to Godot. I'm going to start with the client side. So on the client side I'm going to go to the singleton, the gateway singleton, and that of course connects to the gateway server. On the top here I've loaded up our certificate file. Now take note, I'm using load, and you've probably learned that when you load something on top of the script you have to use preload. Well, the certificate and the key file have their own separate load and save functions, so you should actually use load. It may even break using preload, I haven't tested that, because, well, load is the way to go. With that certificate loaded up we now have three new lines of code right here, between when we start initiating the network and when we actually set that network to the network peer. These three lines, from top to bottom: first we are going to enable the DTLS, that's the encryption method that we are using with these certificates. We are going to set the DTLS verify enabled to false. This is that moment that we tell Godot to please not verify our certificate against international databases, because we know it's self-signed during the production process. I've noted here: set this to true when using signed certificates, when you start releasing your game. Then under network we set the DTLS certificate to that cert, which is of course a variable on the top here that we've defined, or loaded our cert into. And just like that, our client is now going to try and establish the connection with the gateway using this DTLS encryption. It's as easy as that.

But of course we also have to initiate the gateway side to make sure that that is actually receiving that connection and is actually going to start making that handshake. So I'm going to switch to the gateway and to the gateway singleton here, and on the top here I'm initiating or loading my certificate and my key in exactly the same way that we just did on the player side. Then just like we have on the player we got three new lines of code. The first one is again set DTLS, yeah, it's a tongue twister, to true. Here we set the key and the cert, and as you can see, on the server we do not have to set that verify enabled to false, because on the server side that check, that verification, is not being done. That's only being done on the client. And just like that you got your DTLS encrypted connection. So I can rerun the gateway, the authentication server and the game server are actually already running, and now just like that, when I log in, you can see right here under the connection that although we've made all those changes we can still log in as normal. It takes a little bit longer, we have a little bit more lag, but that is only at the start of the game when the player logs in.

So I got one important last thing to say. This DTLS-enabled networked multiplayer ENet connection will only work in Godot 3.2.3. I was trying to program this earlier today in 3.2.2 and I just couldn't get it to work. This bug just kept on popping up, I couldn't understand it, until I upgraded and everything was all smooth and good. So make sure you got that latest version, or join me in my frustration.

That was it for today, guys. Hope you like it. If you did, smash that like button, hit subscribe, don't forget that little bell icon to make sure that you don't miss out on the next tutorial in this multiplayer series. Now I've got a little bit of a news item, news from Game Development Center. I've been live streaming on YouTube for a week now, and I'm not new to live streaming, I've put in more than 100 live streams on the game development of Soul Whisperer, my own project, on Twitch. But now instead of asking you to come to Twitch I just picked up the whole show and brought it to YouTube, so you can all join in on the fun. So you're going to see a couple more notifications probably when I go live, and when the live streams are uploaded as a video to my channel they're re-watchable for 14 days in case you ever missed one. I'll make sure, that's my responsibility I think, that the thumbnails are easily recognizable, so you can immediately see like: hey, this is a live stream, hey, this is a tutorial, this is what I'm interested in, and this is, well, I may be watching another time. So that's what I'll be trying to do. I definitely suggest you visit the live stream one day. They're super cool, super active, so many people are chatting, asking good questions. You know me, I'm going to try and answer them to the best of my abilities, but then live on camera, you know, not having that practice that I can right now, this is take 37, 38 already. Oh, okay. So yeah, that's what's going on, that's the news item, and I hope to see you there one day. Until then, keep on gaming, keep on coding, see you later guys.
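
The generator and the two connection set-ups described in the captions, written out as an added GDScript example for Godot 3.2.3 (it is not the code shown in the video). The `res://` paths, file names, issuer spelling, validity dates, the `USING_SIGNED_CERT` switch and the use of `get_tree().network_peer` are assumptions; in practice each function lives in its own project.

```gdscript
extends Node
# Added illustration for Godot 3.2.3; names and paths below are assumptions.

const CERT_DIR = "user://Certificate"
const CERT_PATH = CERT_DIR + "/X509_Certificate.crt"
const KEY_PATH = CERT_DIR + "/X509_Key.key"  # private: gateway only, never in the client
const USING_SIGNED_CERT = false              # flip to true once a CA-signed cert is deployed

# --- Generator project: write a self-signed certificate and its key ---
func create_x509_certificate() -> bool:
	var dir = Directory.new()
	if not dir.dir_exists(CERT_DIR) and dir.make_dir(CERT_DIR) != OK:
		return false
	# The issuer is passed as ONE string, not as separate arguments.
	var issuer = "CN=MultiplayerTutorial,O=GameDevelopmentCenter,C=NL"
	var crypto = Crypto.new()
	var key = crypto.generate_rsa(4096)
	# Validity window as YYYYMMDDhhmmss (constructed sample dates).
	var cert = crypto.generate_self_signed_certificate(
			key, issuer, "20201023000000", "20211022235900")
	# Report failure instead of assuming both files were written.
	return cert.save(CERT_PATH) == OK and key.save(KEY_PATH) == OK

# --- Client project: ships the .crt only ---
func connect_to_gateway(address: String, port: int) -> int:
	var cert = load("res://Resources/Certificate/X509_Certificate.crt")
	var peer = NetworkedMultiplayerENet.new()
	# DTLS options are set before the connection is created.
	peer.set_dtls_enabled(true)
	# Verification is skipped only while the certificate is self-signed.
	peer.set_dtls_verify_enabled(USING_SIGNED_CERT)
	peer.set_dtls_certificate(cert)
	var err = peer.create_client(address, port)
	if err == OK:
		get_tree().network_peer = peer
	return err

# --- Gateway project: holds both the .crt and the .key ---
func start_gateway(port: int, max_players: int) -> int:
	var cert = load("res://Certificate/X509_Certificate.crt")
	var key = load("res://Certificate/X509_Key.key")
	var peer = NetworkedMultiplayerENet.new()
	peer.set_dtls_enabled(true)
	peer.set_dtls_key(key)
	peer.set_dtls_certificate(cert)
	# No verify setting here: the certificate check happens on the client.
	var err = peer.create_server(port, max_players)
	if err == OK:
		get_tree().network_peer = peer
	return err
```

Tying `set_dtls_verify_enabled` to a single release switch keeps the development-only `false` from reaching a shipped client by accident.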
Info
Channel: Game Development Center
Views: 3,905
Keywords: Godot Multiplayer, Godot DTLS, Godot Encryption, Godot SSL Certificate, Godot Multiplayer Security, Godot Project Passwords, Godot Network, Godot Multiplayer Tutorial, Godot Dedicated Server, Godot Multiplayer Server, How to make a multiplayer game, Godot MMO, Godot Beginner Tutorial, Godot 2d Tutorial, Godot Tutorial, Godot
Id: gcopx40pwvY
Length: 16min 36sec (996 seconds)
Published: Sun Oct 25 2020