I have a chat program that uses sockets for sending and receiving data. Now, I want to encrypt the data transfers via sockets with Diffie-Hellman key exchange system.
What is the easiest way to do that?
What is the easiest way to do that?
Use JSSE and configure to use Diffie Hellman.
JSSE is Java's socket extension for SSL. Using the SecureSocket classes which provide the same interface as regular sockets (so your current code does not need to change) but operate over SSL you can achieve encryption in your network connectivity.
You should study the link provided to see how to configure to do what you need.
Related
I have the following system
Android app -> kafka -> listener service (Java).
I would like to make sure that there is data integrity in this process.
I want to encrypt the message in the Android app, insert it into a topic and then have listener pick it up and decrypt the message.
I would like to know what would be the best way (algorithm and practice) to encrypt and decrypt between the systems. Can this be achieved in a simple way (without certs or keys)?
Assuming there will be 5 mobile apps pushing messages to the broker.
I would like to make sure that there is data integrity in this process.
If you are concerned to ensure the message integrity during transport, using TLS (ssl, https) would do the trick in the most of the cases. If you need end-to-end security (signed, encrypted message) between other components (kafka->Java), you will need to sign the message. In most of the cases you should be ok with the first option (https).
Can this be achieved in a simple way (without certs or keys)?
PKI (certs and keys) enables us to ensure integrity and confidentiality without hardcoding the secrets (which is not very wise for mobile apps). You already have out of box libraries for SSL, so consider it "the simple way". Building custom protocol to sign and validate the messages is only more complex and possibly less secure.
I would like to know what would be the best way (algorithm and practice) to encrypt and decrypt between the systems.
For basic transport security, I'd suggest to rely on TLS, you still need to authenticate the user (username, password?) to ensure client's identity. TLS provides secure channel up to the SSL termination point (https server, kafka listener, ..).
If you need end-to-end security (signed, encrypted message) between other components (kafka->Java), there are some standards to encrypt and sign the messages, such as WS-Security for web services or you can use signed and encrypted JWT to pass messages.
However - you will have to securely exchange the keys between the client and validating backend (with a separate service or some key exchange protocol).
I think the easiest way to implement that is to use and encrypted channel using some secure transport (https, sftp, etc.)
If you are implementing a custom protocol, then you will need to encrypt/decrypt the messages using some of the available libraries.
And yes, I suggest to use an standard encryption algorithm (which will require to use certificates).
I need to make two java proceses on the same host to communicate securely. I do not need to authenticate the processes so I don't want to use certificates.
I want to generate a random key in the server and client, exchange the keys between the processes using Elgamal; establish common symmetric key across the processes; and then communicate securely.
As far as I can think of, this can be done by implementing RMIServerSocketFactory and RMIClientSocketFactory interfaces to establish symmetric key as discussed above.
Is there already an implementation to do that?
Or is there a way to configure SslRMIServerSocketFactory and SslRMIClientSocketFactory to start using ElGamal as the key exchange protocol
ElGamal is preferred choice over RSA as ElGamal will generate random symmetric keys for each handshake while RSA will generate static keys every time.
I need to make two java proceses on the same host to communicate
securely. I do not need to authenticate the processes so I don't want
to use certificates.
Your reasoning is flawed from the start unfortunately. However "hardened" a communication channel is, you'll always want to make sure you're communicating with the intended party if you want to exchange data secretly. Authentication in one form or another is necessary to do so.
In theory, you can do away with certificates and use PSK cipher suites (which would effectively include the authentication step). This isn't supported by default with the Oracle/OpenJDK JRE. In addition, if you're working on the assumption that your certificate's private key would be compromised (as suggested by your other question), the same problem could happen with the pre-shared keys anyway.
I have designed a webpage using HTML and client side validation using JavaScript.PHP for server side.I want to encrypt the fields before it is transmitted over network,I have encryption code written in JAVA.Can anybody give me a solution as how can I incorporate java code for encryption?Or any better way for encryption?
Any help is greatly appreciated.
Thanks.
An example of AES encryption using JavaScript can be found here. Depending on your use case, https encryption may be a better option, or can at least provide an additional layer of privacy. I think the key question to ask yourself is whether the data on the server should be opaque to anyone but the client. If the server is going to use the data in its plaintext form, then https is a relatively safe, easy and robust option. If the server doesn't need the data, then having the user encrypt at the client in JavaScript would allow your server to maintain those sensitive fields in a way that would be useless to your own employees, but useful to the client who could regenerate the same key to decrypt it.
If you want to encrypt on client side and decrypt on server side, you'll have to do it with javascript on client side; maybe you can do it with an applet and that way use Java on client side, but that seems troublesome.
I think you better look into https.
I think a better way would be using https if you have the option to do so. Why reinvent the wheel?
I was thinking of implementing Diffie-Hellman on android mobile systems. In this application two sides say A and B generate keys which are later exchanged to get the common secret key.Android provides support for generating the keys but i want to know what would be the most secure to conduct the exchange. If the method used for exchange is not secure it completely defeats the purpose of using this method.
Why not use your web server as a interface, which creates the corresponding public and private key, and uses it for encryption and decryption? Make sure you even encrypt the way the keys which are sent b/w server to application are encrypted.
A friend and me are working on a Java Game with a client/server - architecture.
It is working well, but i ran into a problem.
We use TCP Sockets for networking between server and client.
Our network protocol isnt encrypted and can just be read by anone who bothers to watch the stream.
We thought about how we could apply some kind of cryptography to it to hide login information and prevent people to write their own clients. But basic things like adding/substracting bytes seems pretty easy to figure out.
What are the usual methods used to encrypt network communication for games( or at least game login information )? And having written the server and client in java, are there any useful java libraries?
Use public-key encryption (RSA for example) and implement something like the SSL Handshake, or of course use SSL - here you can see an example.
Here's a simplified sequence:
the server sends his public RSA key to the client
the client generates a symmetric key (using AES for example)
the client encrypts the symmetric key with the server's public key and sends it to the server
the server decrypts the received symmetric key
Now both the client and the server have a key which no one eavesdropping can know. Then use that key to encrypt all data.
SSL(Secure Sockets Layer) is popular to handle this kind of problem.
Look at the javax.crypto library or bouncyCastle.
Both provide cryptographic primitives, also for encryption. Depending on how secure you want to have it, you can use symmetric or assymetric crypto. However, also think about key management in advance. Where do you store your private/shared key.
If it is a client-server, the best way would be to use assymetric crypto (i.e. RSA, Elliptic Curve) and give every user a certificate signed with the key of the server (note, this is TLS (formerly called SSL)). This way you can check if the user logging on is authentic. However, you dont prevent custom clients since the user has to have everyone can just copy the certificate.
In practice, it is quite hard to prevent custom clients.
You can use Ciphers. Some more examples here and here