wood burning stoves 2.0*
The moose likes HTML, CSS and JavaScript and the fly likes Http AES Content-Encoding Headers Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » HTML, CSS and JavaScript
Bookmark "Http AES Content-Encoding Headers" Watch "Http AES Content-Encoding Headers" New topic
Author

Http AES Content-Encoding Headers

Craig Taylor
Ranch Hand

Joined: Jul 17, 2008
Posts: 64
I'm currently in the process of implementing AES encryption for a library module -- the requirements are for encryption but not client authentication (hence no needs for HTTPs).

Is there a standard for encryption over HTTP via perhaps the content-encoding? If so, where / how? Otherwise I'm considering making my own content encoding, eg: AESGZIP and calling it a day.

Thanks,
Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
    
    6
Well if you want to do it in JavaScript, remember that any man in the middle attack can read the key that is in plain text if it is sent down with the html page. Only real secure way is https.

Eric
Craig Taylor
Ranch Hand

Joined: Jul 17, 2008
Posts: 64
I'll be doing it in Java on both the client and server side - no javascript.

In short, I just want to encrypt the data - Both the client and server are controlled by me - I just want to ensure the data is secure across the network and I'm not able to deposit HTTPs keys on the hosts (cost, multiple transport points etc).
Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
    
    6
So you are running an applet on the clientside than?

Eric
Craig Taylor
Ranch Hand

Joined: Jul 17, 2008
Posts: 64
No - I've got an application listening on a port handling HTTP incoming requests - not using Tomcat / Apache at all.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Http AES Content-Encoding Headers
 
Similar Threads
Encrypting data using my own key
Encrypting password in a properties file
Basic use of JCE (Java Cryptography Extension)
Encryption/Decryption using AES 128 bit
IDEA encryption in java.