L
Lawrence
Hi all,
I made some network tool that is p2p and works on LANs.
It mainly transfer files and text messages across peers using sockets,
input stream, etc.
I'm interested in crypting the traffic and to do so I was thinking to
do something
that I'm scared could be pretty much reinventing the wheel.
I was thinking to generate on each new instance of the tool a pair of
public/private key.
Than using this keys in the Diffie-Hellman Key Agreement Algorithm to
generate a session key and then with this session key encrypt all the
traffic
for that session or even for all the future communications between two
peers.
For all this stuff JCE come in hand.
I know that man in the middle attack is possible the first time two
peers meet
(when they exchange the public keys) and I know as well that if the
symmetric key is permanent and is found all prior communication
between to peers will be unsecured.
As I was scared of, I believe this is pretty much redoing the well
done and ready to use securesocket/factory system..
What I'm not figuring out is how to do dynamically all this key
managment, since the only
way I got to see about how to provide the certificates is by using the
keytool from command line.
I can't ask a user to do that, I need to do all dynamically, if i
don't know the user take his certificate (normal socket) and from then
on use that to "authenticate" and create session key or permanent key.
Does anyone have any suggestion ? Is it possible to have and do
dynamic key managment and (possibly avoiding certificates) with the
secure socket (which use ssl i think) which at the end use some
variant of Diffie-Hellman key agreement.
Thanks
Oh, by the way, if you think my message is not exactly appropriate for
this group if you know any better I would appriciate.
Lawrence
for secure socket.
I made some network tool that is p2p and works on LANs.
It mainly transfer files and text messages across peers using sockets,
input stream, etc.
I'm interested in crypting the traffic and to do so I was thinking to
do something
that I'm scared could be pretty much reinventing the wheel.
I was thinking to generate on each new instance of the tool a pair of
public/private key.
Than using this keys in the Diffie-Hellman Key Agreement Algorithm to
generate a session key and then with this session key encrypt all the
traffic
for that session or even for all the future communications between two
peers.
For all this stuff JCE come in hand.
I know that man in the middle attack is possible the first time two
peers meet
(when they exchange the public keys) and I know as well that if the
symmetric key is permanent and is found all prior communication
between to peers will be unsecured.
As I was scared of, I believe this is pretty much redoing the well
done and ready to use securesocket/factory system..
What I'm not figuring out is how to do dynamically all this key
managment, since the only
way I got to see about how to provide the certificates is by using the
keytool from command line.
I can't ask a user to do that, I need to do all dynamically, if i
don't know the user take his certificate (normal socket) and from then
on use that to "authenticate" and create session key or permanent key.
Does anyone have any suggestion ? Is it possible to have and do
dynamic key managment and (possibly avoiding certificates) with the
secure socket (which use ssl i think) which at the end use some
variant of Diffie-Hellman key agreement.
Thanks
Oh, by the way, if you think my message is not exactly appropriate for
this group if you know any better I would appriciate.
Lawrence
for secure socket.