CryptCraft

Who can really read your Minecraft messages? CryptCraft hides content from the server itself, while revealing what still leaks.

Comment

Inspiration

Minecraft private messages hide content from other players, but not from the server. Everything is just sent in plain text, which feels kind of wild considering how much we talk about privacy in real systems. CryptCraft explores what happens when you try to hide that content too, and what privacy gaps still remain. I wanted to see what it would look like to bring “real” encryption into something familiar and interactive. It also came from curiosity about what encryption actually protects vs what it doesn’t. Like even if messages are encrypted, the server can still see who is talking and when. That gap felt interesting to explore in a way that isn’t just theory.

What it does

CryptCraft lets players send encrypted messages to each other inside a Minecraft server. Each player generates a key pair, and messages are encrypted using AES while the key is protected with RSA. Messages show up in an inbox and can be decrypted with one click. At the same time, the server still logs metadata like sender, receiver, and timestamps, so you can actually see that encryption isn’t the same as total privacy.

How I built it

This is a Java plugin built on a Paper Minecraft server. The main part was implementing hybrid encryption (using RSA for key exchange and AES-GCM for the actual messages). Commands like /keygen, /encmsg, and /inbox hook into the Minecraft chat system so everything feels native. The server handles storing and delivering messages, while encryption/decryption happens through the plugin logic. I also used Gradle to build and test things like encryption correctness and tampering detection.

Challenges I ran into

One of the biggest challenges was that this wasn’t just a normal app, it’s a Minecraft plugin, which made everything more constrained and harder to debug. Even simple things like handling user input or displaying messages had to fit into the game’s command and chat system. On top of that, implementing hybrid encryption correctly was tricky. AES-GCM is very strict, so small mistakes would completely break decryption with almost no helpful errors. Managing RSA keys, encoding data, and making sure everything lined up between encryption and decryption took a lot of trial and error. It was also challenging to make the system feel usable inside Minecraft instead of overly technical.

Accomplishments that I'm proud of

Getting this to fully work inside Minecraft felt like a big accomplishment. Making it as a plugin made everything more complicated than a normal app, so having the whole flow actually work, from key generation to sending, storing, and decrypting messages, was really satisfying. The hybrid encryption setup also ended up working reliably, including detecting tampered messages, which was something that broke a lot during development.

What I learned

I learned how to make a Minecraft plugin, which ended up being way harder than I initially thought. On the crypto side, it made encryption feel a lot less abstract. I get now why systems use both AES and RSA, and also how easy it is to mess things up if one small part is wrong.

What's next for CryptCraft

A big next step would be moving toward true end-to-end encryption, since right now the server still stores private keys. Adding public key verification would also help prevent impersonation attacks. It would also be interesting to explore ways to reduce or visualize metadata leakage more clearly. On the usability side, I’d want to improve how the system feels in-game, maybe by reducing reliance on commands and making it more integrated into the Minecraft UI.

Built With

Share this project:

Updates