I was reading a tutorial about SSLServerSocketFactory and it said I need to create a certificate, but elsewhere I read that this factory handles it transparently. If the latter is true, does that mean that all the key handling, key authentication, encryption, decryption, etc. is taken care of automatically? All I need to do is set one of the available cipher suites?
I was looking over the available cipher suites. I am certainly not an expert on this, but have a general idea of many of the protocols. Would this be a good choice? TLS_RSA_WITH_AES_128_CBC_SHA
I am not sure what CBC means, but is RSA used to encrypt the private key, the message hashes with SHA and then all the data being sent encrypted with AES?
I am writing a secure chat room, where not only the sign up and log in functions, but all the messages from the users in the chat room. I would like it to be reasonably fast, and I know AES is. Some of the other available ciphers are quite insecure and I am surprised they are even in the list, like DES and RC4.
[ March 16, 2007: Message edited by: David McCombs ]
"Should array indices start at 0 or 1? My compromise of 0.5 was rejected without, I thought, proper consideration."- Stan Kelly-Bootle
You will need to install a certificate on the server, but after that everything else is handled transparently. The process to do that is described here in the section titled "Prepare the Certificate Keystore".
Not sure about your questions concerning ciphers, but it sounds like they would be moot, since SSL handles all that. Or do you want to encrypt stuff outside of the transport as well?
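The setup described in this thread, as an added example that is not part of the original posts: the server loads its certificate and private key from a keystore, and the factory then handles the handshake and encryption, while DES and RC4 suites (the ones the question calls insecure) are removed from the JVM's enabled list. The keystore file name, the environment variable name, the port and the class and method names are assumptions.

```java
import javax.net.ssl.*;
import java.io.*;
import java.security.KeyStore;
import java.util.*;

public class ChatTlsServer {
    // DES and RC4 are named in the question; NULL, anon and EXPORT suites are refused as well.
    static final String[] WEAK = {"_DES_", "_3DES_", "_RC4_", "_NULL_", "_anon_", "_EXPORT_"};

    static String[] withoutWeak(String[] suites) {
        List<String> keep = new ArrayList<>();
        for (String s : suites) {
            boolean weak = false;
            for (String w : WEAK) if (s.contains(w)) weak = true;
            if (!weak) keep.add(s);
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Assumed names: CHAT_KEYSTORE_PASSWORD, chat-server.keystore, port 8443.
        String env = System.getenv("CHAT_KEYSTORE_PASSWORD");
        if (env == null) throw new IllegalStateException("CHAT_KEYSTORE_PASSWORD not set");
        char[] pw = env.toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream("chat-server.keystore")) {
            ks.load(in, pw); // the server certificate and its private key live here
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);

        SSLServerSocketFactory f = ctx.getServerSocketFactory();
        try (SSLServerSocket server = (SSLServerSocket) f.createServerSocket(8443)) {
            // Start from the JVM's enabled defaults and only remove suites, never add any.
            server.setEnabledCipherSuites(withoutWeak(server.getEnabledCipherSuites()));
            while (true) {
                try (SSLSocket c = (SSLSocket) server.accept();
                     BufferedReader r = new BufferedReader(new InputStreamReader(c.getInputStream(), "UTF-8"))) {
                    // The handshake and record encryption happen inside the socket on first read.
                    String line = r.readLine();
                    System.out.println(c.getSession().getCipherSuite() + " received: " + line);
                } catch (IOException e) {
                    System.err.println("client connection failed: " + e.getMessage());
                }
            }
        }
    }
}
```

Filtering `getEnabledCipherSuites()` rather than `getSupportedCipherSuites()` keeps anything the JVM already disables by default out of the result.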