Signatures

From LRREW
Revision as of 02:27, 2 July 2023 by Clockwork (talk | contribs)
Jump to navigation Jump to search

Signatures are found in many scripts and files used by Roblox. Originally introduced in 2009, it is now primarily used by the client to verify the authenticity of join scripts, CoreScripts, and other trusted scripts, as well as by the server to properly authenticate clients. Roblox uses the RSA public-key cryptosystem in order to both verify and sign messages.

Signatures are Base64 encoded and wrapped with percentage signs (an example would be %AQIDBA==%). However, since around version 0.116 (dated 8/14/2013) signatures must be prepended with --rbxsig[a] in order to be parsed correctly.

In certain Roblox versions, scripts require the asset ID after the signature. The asset ID must also be formatted in the same way as signatures are, surrounded by percentage signs; thus an example full signature for a script of asset ID 1234 would be %AQIDBA==%%1234%.

Notes

  1. Newer versions of Roblox have rbxsig2 and rbxsig4 to remain backwards compatible with older scripts, since they have now changed their RSA keypair. However, the algorithm remains the same.