aspose file tools*
The moose likes Security and the fly likes SSLServerSocketFactory Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "SSLServerSocketFactory" Watch "SSLServerSocketFactory" New topic
Author

SSLServerSocketFactory

David McCombs
Ranch Hand

Joined: Oct 17, 2006
Posts: 212
I was reading a tutorial about SSLServerSocketFactory and it said I need to create a certificate, but elsewhere I read that this factory handles it transparently. If the latter is true, does that mean that all the key handling, key authentication, encryption, decryption etc is taken care of automatically? All I need to do is set one of the available cipher suites?

I was looking over the available cipher suites. I am certainly not an expert on this, but have a general idea of many of the protocols. Would this be a good choice? TLS_RSA_WITH_AES_128_CBC_SHA

I am not sure what CBC means, but is RSA used to encrypt the private key, the message hashes with SHA and then all the data being send encrypted with AES?

I am writing a secure chat room, where not only the sign up and log in functions, but all the messages from the users in the chat room. I would like it to be reasonably fast, and I know AES is. Some of the other available ciphers are quite insecure and am surprised they are even in the list, like DES and RC4.
[ March 16, 2007: Message edited by: David McCombs ]

"Should array indices start at 0 or 1? My compromise of 0.5 was rejected without, I thought, proper consideration."- Stan Kelly-Bootle
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41884
    
  63
You will need to install a certificate on the server, but after that everything else is handled transparently. The process to do that is described here in the section titled "Prepare the Certificate Keystore".

Not sure about your questions concerning ciphers, but it sounds like they be moot, since SSL handles all that. Or do you want to encrypt stuff outside of the transport as well?


Ping & DNS - my free Android networking tools app
David McCombs
Ranch Hand

Joined: Oct 17, 2006
Posts: 212
Thank you

Well, I was trying to figure out what is happening under the hood for educational reason, and to add to my project write up. The project is a standalone and doesn't rely on a servlet container.

I guess now I need to ask what is the best was to secure the certificate?
[ March 17, 2007: Message edited by: David McCombs ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41884
    
  63
I guess now I need to ask what is the best was to secure the certificate?


What do you mean by "secure the certificate"? A certificate can be used for securing a connection, i.e. by using SSL.
David McCombs
Ranch Hand

Joined: Oct 17, 2006
Posts: 212
Where and how should it be stored on the hard drive?
David McCombs
Ranch Hand

Joined: Oct 17, 2006
Posts: 212
OK, this is what I have for the code to create the SSLServerSocket



I know storing the password in code is a bad idea, this is just to get the ball rolling.

Here is how I created the key

keytool -genkey -keystore chat.ky -keyalg RSA

Does it look like I am on the right path?
[ March 17, 2007: Message edited by: David McCombs ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: SSLServerSocketFactory