Steamworks Documentation
SteamEncryptedAppTicket
Utilities to decode/decrypt encrypted application tickets.

See Encrypted Application Tickets for more information.

To use these functions you must include the steamencryptedappticket.h header, and link to the sdkencryptedappticket binary. As such, you can use these in an offline application that runs on a trusted server to authenticate the tickets you receive from clients.
Note: An encrypted app ticket can only contain up to 140 DLC appIDs. If your game intends to have more than that, you'll need to use Session Tickets/WebAPI to check for ownership.

Functions


These are global functions which do not require an interface to use.

SteamEncryptedAppTicket_BDecryptTicket

S_API bool SteamEncryptedAppTicket_BDecryptTicket( const uint8 *rgubTicketEncrypted, uint32 cubTicketEncrypted, uint8 *rgubTicketDecrypted, uint32 *pcubTicketDecrypted, const uint8 rgubKey[k_nSteamEncryptedAppTicketSymmetricKeyLen], int cubKey );
NameTypeDescription
rgubTicketEncryptedconst uint8 *The encrypted user authentication ticket that will be decrypted.
cubTicketEncrypteduint32The size of rgubTicketEncrypted in bytes.
rgubTicketDecrypteduint8 *The buffer where the decrypted ticket will get copied into.
pcubTicketDecrypteduint32 *The size of rgubTicketDecrypted in bytes.
rgubKeyconst uint8[[apitype]SteamEncryptedAppTicket::k_nSteamEncryptedAppTicketSymmetricKeyLen[/apitype]]The key used to encrypt/decrypt the ticket. This can not be longer than k_nSteamEncryptedAppTicketSymmetricKeyLen.
cubKeyintThe length of rgubKey.

Decrypts an encrypted application ticket.

The encryption key can be obtained from the Encrypted App Ticket Key page on the App Admin for your app.

If this call succeeded then you can use the other SteamEncryptedAppTicket functions to get more info about the decrypted ticket.

Returns: bool
true if the ticket has been decrypted successfully.
false under the following conditions:
  • cubKey was 0.
  • The size of the output buffer rgubTicketDecrypted is too small. It must be at least as big as rgubTicketEncrypted.
  • Reading rgubTicketEncrypted failed, this could happen if it's NULL or empty.
  • Encryption failed, likely because the key is incorrect.

See Also: ISteamUser::RequestEncryptedAppTicket

Example:
void DecryptTicket( uint8* rgubTicket, uint32 cubTicket ) { // Included is the secret encrypted app ticket key for spacewar. You should never send this to clients. const uint8 rgubKey[k_nSteamEncryptedAppTicketSymmetricKeyLen] = { 0xed, 0x93, 0x86, 0x07, 0x36, 0x47, 0xce, 0xa5, 0x8b, 0x77, 0x21, 0x49, 0x0d, 0x59, 0xed, 0x44, 0x57, 0x23, 0xf0, 0xf6, 0x6e, 0x74, 0x14, 0xe1, 0x53, 0x3b, 0xa3, 0x3c, 0xd8, 0x03, 0xbd, 0xbd }; uint8 rgubDecrypted[1024]; uint32 cubDecrypted = sizeof( rgubDecrypted ); if ( !SteamEncryptedAppTicket_BDecryptTicket( rgubTicket, cubTicket, rgubDecrypted, &cubDecrypted, rgubKey, sizeof( rgubKey ) ) ) { printf( "Ticket failed to decrypt\n" ); return; } if ( !SteamEncryptedAppTicket_BIsTicketForApp( rgubDecrypted, cubDecrypted, SteamUtils()->GetAppID() ) ) printf( "Ticket for wrong app id\n" ); CSteamID steamIDFromTicket; SteamEncryptedAppTicket_GetTicketSteamID( rgubDecrypted, cubDecrypted, &steamIDFromTicket ); if ( steamIDFromTicket != SteamUser()->GetSteamID() ) printf( "Ticket for wrong user\n" ); uint32 cubData; uint32 *punSecretData = (uint32 *)SteamEncryptedAppTicket_GetUserVariableData( rgubDecrypted, cubDecrypted, &cubData ); if ( cubData != sizeof( uint32 ) || *punSecretData != k_unSecretData ) printf( "Failed to retrieve secret data\n" ); }

SteamEncryptedAppTicket_BIsTicketForApp

S_API bool SteamEncryptedAppTicket_BIsTicketForApp( uint8 *rgubTicketDecrypted, uint32 cubTicketDecrypted, AppId_t nAppID );
NameTypeDescription
rgubTicketDecrypteduint8 *The decrypted ticket to check.
pcubTicketDecrypteduint32 *The size of rgubTicketDecrypted in bytes.
nAppIDAppId_tThe App ID to compare against.

Verifies that a decrypted app ticket is for the expected application.

Returns: bool
true if the ticket belongs to the provided App ID; otherwise, false if it does not, or if the ticket is not valid.

SteamEncryptedAppTicket_BUserIsVacBanned

S_API bool SteamEncryptedAppTicket_BUserIsVacBanned( uint8 *rgubTicketDecrypted, uint32 cubTicketDecrypted );
NameTypeDescription
rgubTicketDecrypteduint8 *The decrypted ticket to check.
pcubTicketDecrypteduint32 *The size of rgubTicketDecrypted in bytes.

Checks if the user associated with the ticket is VAC banned.

Returns: AppId_t
true if the user is VAC banned; otherwise, false if the user is not VAC banned, the ticket is not valid, or if the ticket doesn't have this information.

SteamEncryptedAppTicket_BUserOwnsAppInTicket

S_API bool SteamEncryptedAppTicket_BUserOwnsAppInTicket( uint8 *rgubTicketDecrypted, uint32 cubTicketDecrypted, AppId_t nAppID );
NameTypeDescription
rgubTicketDecrypteduint8 *The decrypted ticket to check.
pcubTicketDecrypteduint32 *The size of rgubTicketDecrypted in bytes.
nAppIDAppId_tThe App ID to check if the user owns it.

Check that the ticket proves the user owns the given App ID.

This can be used for DLC and related App ID that is placed in the ticket, not just the main ticket's App ID.

Returns: bool
true if the ticket belongs to the provided App ID; otherwise, false if it does not, or if the ticket is not valid.

SteamEncryptedAppTicket_GetTicketAppID

S_API AppId_t SteamEncryptedAppTicket_GetTicketAppID( uint8 *rgubTicketDecrypted, uint32 cubTicketDecrypted );
NameTypeDescription
rgubTicketDecrypteduint8 *The decrypted ticket to check.
pcubTicketDecrypteduint32 *The size of rgubTicketDecrypted in bytes.

Gets the App ID associated with a ticket.

Returns: AppId_t
Returns the App ID linked to the ticket. Returns 0 if the ticket is not valid.

SteamEncryptedAppTicket_GetTicketIssueTime

S_API RTime32 SteamEncryptedAppTicket_GetTicketIssueTime( uint8 *rgubTicketDecrypted, uint32 cubTicketDecrypted );
NameTypeDescription
rgubTicketDecrypteduint8 *The decrypted ticket to check.
pcubTicketDecrypteduint32 *The size of rgubTicketDecrypted in bytes.

Gets the time that a ticket was issued.

Returns: RTime32
Returns the time as Unix epoch time (time since Jan 1st, 1970). Returns 0 if the ticket is not valid.

SteamEncryptedAppTicket_GetTicketSteamID

S_API void SteamEncryptedAppTicket_GetTicketSteamID( uint8 *rgubTicketDecrypted, uint32 cubTicketDecrypted, CSteamID *psteamID );
NameTypeDescription
rgubTicketDecrypteduint8 *The decrypted ticket to check.
pcubTicketDecrypteduint32 *The size in bytes of the rgubTicketDecrypted.
psteamIDCSteamID *Returns the Steam ID associated with the ticket. Returns k_steamIDNil if the ticket is invalid.

Gets the Steam ID associated with a ticket.

SteamEncryptedAppTicket_GetUserVariableData

S_API const uint8 *SteamEncryptedAppTicket_GetUserVariableData( uint8 *rgubTicketDecrypted, uint32 cubTicketDecrypted, uint32 *pcubUserData );
NameTypeDescription
rgubTicketDecrypteduint8 *The decrypted ticket to check.
pcubTicketDecrypteduint32 *The size in bytes of the rgubTicketDecrypted.
pcubUserDatauint32 *Returns the size of the user data.

Gets the variable length user data supplied when creating the ticket.

Returns: const uint8 *
Returns a pointer to the user data. Returns the size of this data via pcubUserData.

Constants

These are constants which are defined for use with SteamEncryptedAppTicket.

NameTypeValueDescription
k_nSteamEncryptedAppTicketSymmetricKeyLenint32The length of a key used with BDecryptTicket.