Recently, I was given the task:

Communicate with the server in encrypted form.

After wandering through all kinds of Internet, I was able to find quite a bit of useful information in this regard. Most of the articles were devoted to acquaintance with cryptography "to the top" and only locally. A la "Как зашифровать и расшифровать «Hello world» на Android" . "Как зашифровать и расшифровать «Hello world» на Android" I am also interested in the implementation process on a client-server scale. Moreover, the implementation of the server part was also entrusted to me, so it is important to know how to implement both on the client (Java) and on the server (PHP) . Ideally implement a scheme similar to Telegram:

  1. Private keys are determined by passing open
  2. The message is encrypted with its private key locally.
  3. Transmitted over a secure connection (within which it is encrypted again using a different algorithm / same algorithm, but with a different vector)
  4. Stands for the other side

The principal difference in this scheme is that in the Telegram this is done according to the клиент-клиент scheme (without decoding on the server side), in my case the server should act as the second client.

I will be grateful to any answers, especially those detailed, since in this area I am not “in the tooth's leg”.

  • four
    You just have to google TLS, HTTPS and Let's Encrypt - andreymal
  • @andreymal just a secure connection is not enough, you need an encryption by the type of the Diffie Hellman algorithm - zTrap
  • This is all configured within TLS - andreymal
  • @andreymal I do not argue, but it seemed insufficient for customers, so I asked the question here - zTrap
  • one
    In general, in practice, to set up the server, it is enough to google any article on setting up nginx (Diffie Hellman is attached), which promises A + on ssltest (this is important), and on the client (no matter if it's java or not), just she herself will understand further - andreymal

2 answers 2

Here is an example: here is an example of Java on the implementation of a secure connection.

  • Thank you, useful material, but I cannot mark it as an answer, because here only a part of the question is considered. The other part (the use of a secure communication channel) is discussed above in the comments and cannot be separated from the full answer - zTrap
  • @zTrap, i.e. Need https inside ssh?) - Anton Mukhin
  • "It is necessary" all. But in fact, given the diversity of protocols and transmission options, the choice (for a person who is just beginning to delve into security) may be delayed. Therefore, the questions "need something in that?" or "need this with this?" I will answer yes, in order to understand the version - zTrap
  • @zTrap, For me, https / rsa is enough. Make a 2048 bit key and no one will decrypt it. Here's more in the piggy bank of knowledge: intsystem.org/security/asymmetric-encryption-how-it-work - Anton Mukhin
  • Yes, thanks, really, I know that, but future readers will come in handy :) - zTrap

I propose a scheme like this:

  1. Authorization on the server is encoded by RSA. The client should have the server's public key, it encrypts the first message with it, sends an AES-key in the authorization message, the server encodes the response already with the client's public key (which the client informs him at registration).
  2. Data exchange - we encode the session AES-key, which was transferred to the authorization.
  3. Messages can be encrypted with separate temporary keys, their generation and closing with public ones when you need them.
  • And the first two points are already in TLS) - andreymal