npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@steamlab/steam-crypto

v0.0.3

Published

Steam client connection crypto utilities.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

fcastrocsfcastrocs

Keywords

steamsteam clientsteam crypto

Readme

steam-client-crypto

npm version License: MIT

A TypeScript/Node.js library implementing Steam's cryptographic protocols for client connections. Provides encryption, decryption, and authentication primitives used in Steam's network protocol.

Features

  • Session Key Generation - Generate and encrypt symmetric session keys with Steam's public RSA key
  • AES Encryption/Decryption - Encrypt and decrypt Steam protocol payloads using AES-256-CBC with HMAC-based IV
  • CRC32 Checksum - Compute CRC32 checksums for data integrity verification
  • RSA Password Encryption - Encrypt passwords with Steam's RSA public keys for authentication
  • Dual ESM/CJS Support - Works with both ES modules and CommonJS
  • Type-Safe - Full TypeScript support with comprehensive type definitions
  • Zero Dependencies - Uses only Node.js built-in crypto module

Installation

npm install @steamlab/steam-crypto

Requirements:

  • Node.js >= 20.0.0
  • npm >= 9.5.1

Usage

Basic Example

import SteamCrypto from "@steamlab/steam-crypto";

// Generate session key for Steam connection
const nonce = Buffer.from("your-nonce-from-steam", "hex");
const sessionKey = SteamCrypto.genSessionKey(nonce);

// Encrypt data to send to Steam
const message = Buffer.from("Hello, Steam!");
const encrypted = SteamCrypto.encrypt(message, sessionKey.plain);

// Decrypt data received from Steam
const decrypted = SteamCrypto.decrypt(encrypted, sessionKey.plain);

// Compute CRC32 checksum
const checksum = SteamCrypto.crc32(Buffer.from("data"));

// Encrypt password for authentication
const encryptedPassword = SteamCrypto.rsaEncrypt(
  "myPassword123",
  "publicKeyModulus",
  "publicKeyExponent"
);

CommonJS

const SteamCrypto = require("@steamlab/steam-crypto").default;

const nonce = Buffer.alloc(16);
const sessionKey = SteamCrypto.genSessionKey(nonce);
console.log("Session key generated:", sessionKey.plain.length, "bytes");

API Reference

SteamCrypto

Abstract class providing static methods for Steam cryptographic operations.

genSessionKey(nonce: Buffer): SessionKey

Generates a 32-byte symmetric AES session key and encrypts it with Steam's public RSA "System" key.

Parameters:

  • nonce - 16-byte nonce obtained from Steam's channelEncryptResponse message

Returns: SessionKey object with:

  • plain - 32-byte Buffer containing the unencrypted session key
  • encrypted - 128-byte Buffer containing the RSA-encrypted session key

Example:

const nonce = Buffer.from("1234567890abcdef", "hex");
const { plain, encrypted } = SteamCrypto.genSessionKey(nonce);
// Use 'encrypted' to send to Steam
// Use 'plain' for subsequent encryption/decryption

encrypt(data: Buffer, key: Buffer): Buffer

Encrypts data using AES-256-CBC with an HMAC-SHA1 based IV for transmission to Steam.

Parameters:

  • data - Buffer containing the data to encrypt
  • key - 32-byte session key (from sessionKey.plain)

Returns: Buffer containing encrypted IV (16 bytes) + encrypted data

Example:

const sessionKey = SteamCrypto.genSessionKey(nonce);
const payload = Buffer.from(protobufData);
const encrypted = SteamCrypto.encrypt(payload, sessionKey.plain);

decrypt(data: Buffer, key: Buffer): Buffer

Decrypts data received from Steam that was encrypted with AES-256-CBC.

Parameters:

  • data - Buffer containing encrypted IV + encrypted data
  • key - 32-byte session key (from sessionKey.plain)

Returns: Buffer containing decrypted plaintext data

Example:

const sessionKey = SteamCrypto.genSessionKey(nonce);
const received = Buffer.from(steamResponse);
const decrypted = SteamCrypto.decrypt(received, sessionKey.plain);

crc32(buffer: Buffer): number

Computes CRC32 checksum of the given buffer as an unsigned 32-bit integer.

Parameters:

  • buffer - Buffer to compute checksum for

Returns: Unsigned 32-bit integer CRC32 checksum

Example:

const data = Buffer.from("Hello, World!");
const checksum = SteamCrypto.crc32(data);
console.log(`CRC32: 0x${checksum.toString(16)}`);

// Verify known value
const test = SteamCrypto.crc32(Buffer.from("123456789"));
console.log(test === 0xcbf43926); // true

rsaEncrypt(password: string, publicKeyMod: string, publicKeyExp: string): string

Encrypts a password using RSA public key encryption with PKCS1 padding.

Parameters:

  • password - Password string to encrypt
  • publicKeyMod - RSA public key modulus as hex string (from Steam)
  • publicKeyExp - RSA public key exponent as hex string (from Steam)

Returns: Base64-encoded encrypted password

Example:

// Values obtained from Steam's GetPasswordRSAPublicKey API
const modulus = "a1b2c3d4..."; // hex string
const exponent = "010001"; // hex string (typically 65537)

const encryptedPassword = SteamCrypto.rsaEncrypt(
  "mySecurePassword",
  modulus,
  exponent
);

// Send encryptedPassword to Steam for authentication

Types

SessionKey

interface SessionKey {
  plain: Buffer;      // 32-byte unencrypted session key
  encrypted: Buffer;  // 128-byte RSA-encrypted session key
}

Used In

This library is used by @steamlab/steam-client for Steam client implementation.

License

MIT

Links