Mojira Archive
MC-254009

Keys are stored in plain text in your .minecraft folder

This is a serious security concern, which should be for obvious reasons. Imagine someone really wanted that private & public key; they could easily get it if someone doesn't know any better than to give it to them. The key only resets after 48 hours as well. A bad actor could easily use that key to forge messages to the chat system; as far as I know you don't verify the UUID before sending it off. A malicious server could be used to instead use that player's public key to sign the message, essentially making a false report and defeating the entire purpose of this system.

 

To find them:

Go to your .minecraft folder

Go into profile keys; you'll see a file with your UUID. Inside that file you'll see both your public & private keys.

 

Potential Solution

Encrypt those files, or don't store them in the player's .minecraft and instead have the login server see if they have a key: if they do, then use that; if it's expired, make a new one and give it to them.

Duplicate

Kevin DiAngelis

2022-07-08, 02:21 PM

2022-07-10, 03:01 PM

2022-07-10, 02:56 PM

0

1

Unconfirmed

(Unassigned)

1.19, 1.19.1 Pre-release 4

-
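
An added example, not part of the original report and not Mojang's code: a Python audit of a key folder like the one the report describes. It flags files that hold plaintext private-key material, are readable by other local users, or are older than the 48-hour lifetime the report mentions. The PEM marker, the JSON layout of the sample files and all function names are assumptions.

```python
import os
import stat
import tempfile
import time
from pathlib import Path

PEM_MARKER = b"PRIVATE KEY-----"  # assumption: key material is stored PEM-encoded
MAX_AGE_SECONDS = 48 * 3600       # the report says the key resets after 48 hours


def audit_key_dir(key_dir, now=None):
    """Return one finding per file that holds plaintext private-key material."""
    now = time.time() if now is None else now
    findings = []
    for path in sorted(Path(key_dir).iterdir()):
        if not path.is_file() or PEM_MARKER not in path.read_bytes():
            continue  # not a file, or no unencrypted private-key marker
        st = path.stat()
        findings.append({
            "file": path.name,
            # POSIX mode bits; on Windows the ACL has to be inspected instead
            "readable_by_others": bool(st.st_mode & (stat.S_IRGRP | stat.S_IROTH)),
            "expired": now - st.st_mtime > MAX_AGE_SECONDS,
        })
    return findings


def restrict_to_owner(key_dir, findings):
    """Set owner-only permissions (0600) on every flagged file."""
    for finding in findings:
        (Path(key_dir) / finding["file"]).chmod(0o600)


def demo():
    # Constructed sample directory and file contents, not real keys.
    with tempfile.TemporaryDirectory() as d:
        fresh = Path(d) / "00000000-0000-0000-0000-000000000001.json"
        old = Path(d) / "00000000-0000-0000-0000-000000000002.json"
        for p in (fresh, old):
            p.write_text('{"private_key": "-----BEGIN RSA PRIVATE KEY-----\\nCONSTRUCTED\\n"}')
            p.chmod(0o644)
        os.utime(old, (time.time() - 72 * 3600,) * 2)  # backdate by 72 hours
        (Path(d) / "notes.txt").write_text("no key here")
        before = audit_key_dir(d)
        restrict_to_owner(d, before)
        return before, audit_key_dir(d)


if __name__ == "__main__":
    print(demo())
```

Owner-only permissions keep other local accounts out but do nothing against software running as the same user, which is the gap the report's encryption or server-side storage suggestions address.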