When you require() EncryptedNet from the server, it sets up a RemoteFunction for a handshake. When you require() EncryptedNet from the client, it calls that handshake remote. The server and client each generate public & private keys, then send their public keys to each other. Using these keys, they perform an Elliptic-curve Diffie–Hellman key exchange to arrive at a shared secret that is later used to encrypt all traffic.When the server calls :SetCallback() on a remote, the callback is actually set to a function that receives encrypted data and a signature. This function decrypts the data with the shared secret using the ChaCha20 cipher (since ChaCha20 is efficient for non-hardware applications like ours), then verifies the decrypted data using the elliptic curve signature. Once it has done that, it passes the decrypted data to your specified callback function and your code runs none the wiser.When a client calls :CallServerAsync() on a remote, it first takes your arguments and encrypts them with ChaCha20 and the shared secret, then creates a signature using your private key, and then sends those along.This process is similarly done around :Connect(), :SendToPlayer(), etc. All of the RbxNet API is wrapped to properly handle authenticated encryption on all of your traffic on that remote.
