X
xmarlawx
Hi all!
I'm writing a client-server project in java and i decided I want the
client to communicate
with the server using a secure channel and viceversa.
I learned about both symmetric and asymmetric encryption systems and
I'd like
to have accountability, non repudiation, etc and security.
I've seen examples on how to create a secure socket (ssl) and i've also
seen
how to manually create keys for asymmetric, make a simple protocol to
exchange a key and
then use a symmetric cipher which is much cheaper (cpu wise).
The public keys are assumed to be exchanged in a secure mode (ex. by
hand) and no third party
is considered.
I need to transfer strings and files, or byte arrays and files, shall i
write my own protocol
using crypto facilities offered by java or skip all that and go
straight to ssl secure socket ?
middle attacks.
Also, do you think that since i'm writing this application from
scratch, shall I use channels instead of threads that pick up sockets
from a pool ? I'm a little confused with advantages/disadvantages and
channels looks harder.
Thank you !
I'm writing a client-server project in java and i decided I want the
client to communicate
with the server using a secure channel and viceversa.
I learned about both symmetric and asymmetric encryption systems and
I'd like
to have accountability, non repudiation, etc and security.
I've seen examples on how to create a secure socket (ssl) and i've also
seen
how to manually create keys for asymmetric, make a simple protocol to
exchange a key and
then use a symmetric cipher which is much cheaper (cpu wise).
The public keys are assumed to be exchanged in a secure mode (ex. by
hand) and no third party
is considered.
I need to transfer strings and files, or byte arrays and files, shall i
write my own protocol
using crypto facilities offered by java or skip all that and go
straight to ssl secure socket ?
the server (the public key) its always the same, to avoid man in theFrom the client, for instance, I always want to check that the key of
middle attacks.
Also, do you think that since i'm writing this application from
scratch, shall I use channels instead of threads that pick up sockets
from a pool ? I'm a little confused with advantages/disadvantages and
channels looks harder.
Thank you !