Utilities to decode/decrypt encrypted application tickets.
See
Encrypted Application Tickets for more information.
To use these functions you must include the
steamencryptedappticket.h
header, and link to the sdkencryptedappticket binary. As such, you can use these in an offline application that runs on a trusted server to authenticate the tickets you receive from clients.
Note: An encrypted app ticket can only contain up to 140 DLC appIDs. If your game intends to have more than that, you'll need to use Session Tickets/WebAPI to check for ownership.
Functions
These are global functions which do not require an interface to use.
SteamEncryptedAppTicket_BDecryptTicket
S_API bool SteamEncryptedAppTicket_BDecryptTicket( const uint8 *rgubTicketEncrypted, uint32 cubTicketEncrypted,
uint8 *rgubTicketDecrypted, uint32 *pcubTicketDecrypted,
const uint8 rgubKey[k_nSteamEncryptedAppTicketSymmetricKeyLen], int cubKey );
Name | Type | Description |
rgubTicketEncrypted | const uint8 * | The encrypted user authentication ticket that will be decrypted. |
cubTicketEncrypted | uint32 | The size of rgubTicketEncrypted in bytes. |
rgubTicketDecrypted | uint8 * | The buffer where the decrypted ticket will get copied into. |
pcubTicketDecrypted | uint32 * | The size of rgubTicketDecrypted in bytes. |
rgubKey | const uint8[[apitype]SteamEncryptedAppTicket::k_nSteamEncryptedAppTicketSymmetricKeyLen[/apitype]] | The key used to encrypt/decrypt the ticket. This can not be longer than k_nSteamEncryptedAppTicketSymmetricKeyLen. |
cubKey | int | The length of rgubKey . |
Decrypts an encrypted application ticket.
The encryption key can be obtained from the
Encrypted App Ticket Key page on the App Admin for your app.
If this call succeeded then you can use the other SteamEncryptedAppTicket functions to get more info about the decrypted ticket.
Returns: bool
true if the ticket has been decrypted successfully.
false under the following conditions:
-
cubKey
was 0.
- The size of the output buffer
rgubTicketDecrypted
is too small. It must be at least as big as rgubTicketEncrypted
.
- Reading
rgubTicketEncrypted
failed, this could happen if it's NULL or empty.
- Encryption failed, likely because the key is incorrect.
See Also: ISteamUser::RequestEncryptedAppTicketExample:void DecryptTicket( uint8* rgubTicket, uint32 cubTicket )
{
// Included is the secret encrypted app ticket key for spacewar. You should never send this to clients.
const uint8 rgubKey[k_nSteamEncryptedAppTicketSymmetricKeyLen] = { 0xed, 0x93, 0x86, 0x07, 0x36, 0x47, 0xce, 0xa5, 0x8b, 0x77, 0x21, 0x49, 0x0d, 0x59, 0xed, 0x44, 0x57, 0x23, 0xf0, 0xf6, 0x6e, 0x74, 0x14, 0xe1, 0x53, 0x3b, 0xa3, 0x3c, 0xd8, 0x03, 0xbd, 0xbd };
uint8 rgubDecrypted[1024];
uint32 cubDecrypted = sizeof( rgubDecrypted );
if ( !SteamEncryptedAppTicket_BDecryptTicket( rgubTicket, cubTicket, rgubDecrypted, &cubDecrypted, rgubKey, sizeof( rgubKey ) ) )
{
printf( "Ticket failed to decrypt\n" );
return;
}
if ( !SteamEncryptedAppTicket_BIsTicketForApp( rgubDecrypted, cubDecrypted, SteamUtils()->GetAppID() ) )
printf( "Ticket for wrong app id\n" );
CSteamID steamIDFromTicket;
SteamEncryptedAppTicket_GetTicketSteamID( rgubDecrypted, cubDecrypted, &steamIDFromTicket );
if ( steamIDFromTicket != SteamUser()->GetSteamID() )
printf( "Ticket for wrong user\n" );
uint32 cubData;
uint32 *punSecretData = (uint32 *)SteamEncryptedAppTicket_GetUserVariableData( rgubDecrypted, cubDecrypted, &cubData );
if ( cubData != sizeof( uint32 ) || *punSecretData != k_unSecretData )
printf( "Failed to retrieve secret data\n" );
}
SteamEncryptedAppTicket_BIsTicketForApp
S_API bool SteamEncryptedAppTicket_BIsTicketForApp( uint8 *rgubTicketDecrypted, uint32 cubTicketDecrypted, AppId_t nAppID );
Name | Type | Description |
rgubTicketDecrypted | uint8 * | The decrypted ticket to check. |
pcubTicketDecrypted | uint32 * | The size of rgubTicketDecrypted in bytes. |
nAppID | AppId_t | The App ID to compare against. |
Verifies that a decrypted app ticket is for the expected application.
Returns: bool
true if the ticket belongs to the provided App ID; otherwise,
false if it does not, or if the ticket is not valid.
SteamEncryptedAppTicket_BUserIsVacBanned
S_API bool SteamEncryptedAppTicket_BUserIsVacBanned( uint8 *rgubTicketDecrypted, uint32 cubTicketDecrypted );
Name | Type | Description |
rgubTicketDecrypted | uint8 * | The decrypted ticket to check. |
pcubTicketDecrypted | uint32 * | The size of rgubTicketDecrypted in bytes. |
Checks if the user associated with the ticket is
VAC banned.
Returns: AppId_ttrue if the user is VAC banned; otherwise,
false if the user is not VAC banned, the ticket is not valid, or if the ticket doesn't have this information.
SteamEncryptedAppTicket_BUserOwnsAppInTicket
S_API bool SteamEncryptedAppTicket_BUserOwnsAppInTicket( uint8 *rgubTicketDecrypted, uint32 cubTicketDecrypted, AppId_t nAppID );
Name | Type | Description |
rgubTicketDecrypted | uint8 * | The decrypted ticket to check. |
pcubTicketDecrypted | uint32 * | The size of rgubTicketDecrypted in bytes. |
nAppID | AppId_t | The App ID to check if the user owns it. |
Check that the ticket proves the user owns the given App ID.
This can be used for DLC and related App ID that is placed in the ticket, not just the main ticket's App ID.
Returns: bool
true if the ticket belongs to the provided App ID; otherwise,
false if it does not, or if the ticket is not valid.
SteamEncryptedAppTicket_GetTicketAppID
S_API AppId_t SteamEncryptedAppTicket_GetTicketAppID( uint8 *rgubTicketDecrypted, uint32 cubTicketDecrypted );
Name | Type | Description |
rgubTicketDecrypted | uint8 * | The decrypted ticket to check. |
pcubTicketDecrypted | uint32 * | The size of rgubTicketDecrypted in bytes. |
Gets the App ID associated with a ticket.
Returns: AppId_tReturns the App ID linked to the ticket. Returns 0 if the ticket is not valid.
SteamEncryptedAppTicket_GetTicketIssueTime
S_API RTime32 SteamEncryptedAppTicket_GetTicketIssueTime( uint8 *rgubTicketDecrypted, uint32 cubTicketDecrypted );
Name | Type | Description |
rgubTicketDecrypted | uint8 * | The decrypted ticket to check. |
pcubTicketDecrypted | uint32 * | The size of rgubTicketDecrypted in bytes. |
Gets the time that a ticket was issued.
Returns: RTime32Returns the time as Unix epoch time (time since Jan 1st, 1970). Returns 0 if the ticket is not valid.
SteamEncryptedAppTicket_GetTicketSteamID
S_API void SteamEncryptedAppTicket_GetTicketSteamID( uint8 *rgubTicketDecrypted, uint32 cubTicketDecrypted, CSteamID *psteamID );
Name | Type | Description |
rgubTicketDecrypted | uint8 * | The decrypted ticket to check. |
pcubTicketDecrypted | uint32 * | The size in bytes of the rgubTicketDecrypted . |
psteamID | CSteamID * | Returns the Steam ID associated with the ticket. Returns k_steamIDNil if the ticket is invalid. |
Gets the Steam ID associated with a ticket.
SteamEncryptedAppTicket_GetUserVariableData
S_API const uint8 *SteamEncryptedAppTicket_GetUserVariableData( uint8 *rgubTicketDecrypted, uint32 cubTicketDecrypted, uint32 *pcubUserData );
Name | Type | Description |
rgubTicketDecrypted | uint8 * | The decrypted ticket to check. |
pcubTicketDecrypted | uint32 * | The size in bytes of the rgubTicketDecrypted . |
pcubUserData | uint32 * | Returns the size of the user data. |
Gets the variable length user data supplied when creating the ticket.
Returns: const uint8 *
Returns a pointer to the user data. Returns the size of this data via
pcubUserData
.
Constants
These are constants which are defined for use with SteamEncryptedAppTicket.
Name | Type | Value | Description |
k_nSteamEncryptedAppTicketSymmetricKeyLen | int | 32 | The length of a key used with BDecryptTicket. |