Hi Everyone, I am using JCE encryption for encrypting data that is sent to my server from my client. But for that after establishing connection to the server, I have to first send the key object without encrypting it(which is obvious) so that it can be used to encrypt and decrypt data on client and server. But I want to send the key object securely. Is there any way to achive it? Or do you guys have a better solution of encryption for network based applications. Just for information server is not a web based application, its just a simple server through which clients exchange data between them.
Kindly let me know if you need any further information from me.
How about -just for the purpose of sending the key- opening a second socket over which you'd use HTTPS to send the key? You wouldn't need a servlet container (or web server) at the other end - HTTP(S) is fairly simple, and it shouldn't be much work to implement this simple key exchange.
Inventing your own protocol for security is dangerous, its easy to make mistakes. As others have said, why not just use HTTPS/SSL/TLS? Its well established, there is lots of help on the net, built into Apache, etc.