aspose file tools*
The moose likes Security and the fly likes JCE Encryption in client server encryption. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "JCE Encryption in client server encryption. " Watch "JCE Encryption in client server encryption. " New topic
Author

JCE Encryption in client server encryption.

A K Gupta
Greenhorn

Joined: Jan 19, 2007
Posts: 1
Hi Everyone,
I am using JCE encryption for encrypting data that is sent to my server from my client. But for that after establishing connection to the server, I have to first send the key object without encrypting it(which is obvious) so that it can be used to encrypt and decrypt data on client and server. But I want to send the key object securely. Is there any way to achive it?
Or do you guys have a better solution of encryption for network based applications. Just for information server is not a web based application, its just a simple server through which clients exchange data between them.

Kindly let me know if you need any further information from me.

Thanks for support.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41899
    
  63
Welcome to JavaRanch.

How about -just for the purpose of sending the key- opening a second socket over which you'd use HTTPS to send the key? You wouldn't need a servlet container (or web server) at the other end - HTTP(S) is fairly simple, and it shouldn't be much work to implement this simple key exchange.


Ping & DNS - my free Android networking tools app
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
I would say just use HTTPs (through the JSSE) to send the data in the first place.


Nice to meet you.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
    
    5

Inventing your own protocol for security is dangerous, its easy to make mistakes. As others have said, why not just use HTTPS/SSL/TLS?
Its well established, there is lots of help on the net, built into Apache, etc.
K Aditi
Ranch Hand

Joined: Mar 17, 2008
Posts: 89
To exchange keys securely you can give Diffie-Hellman algorithm a try.The purpose of this algorithm is to exchange secret keys over an insecure medium.


Aditi
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
    
    5

Originally posted by K Aditi:
To exchange keys securely you can give Diffie-Hellman algorithm a try.The purpose of this algorithm is to exchange secret keys over an insecure medium.


True, but that is how RSA is used in SSL/TLS. Other than for education, its easier to just use a commonly built protocol than try to roll your own.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: JCE Encryption in client server encryption.