KniForz

Reputation: 83

Using AES encryption in a client-server environment

I'm currently working on a client-server application. I have some data that I want to encrypt client side and be decrypted server side.

I have the encryption/decryption part figured out and working. My problem is with the Key and Salt. Both of them are randomly generated at runtime prior to sending it over the network to the server.

My questions are:

My current solution is to send the key and the salt WITH the encrypted data.

Client server AES encryption

People on that post suggest contacting the server to let it know we want to send a secure message. It then generates a key and sends it back to you. Isn't that a bit "too much" for game networking, where you want everything as packed as possible?

What is usually done?

Thanks.

Upvotes: 2

Views: 1802

Answers (1)

Luke Joshua Park

Reputation: 9805

Looks like you've accidentally tripped up and rolled your own crypto. Uh oh. No worries though, just pick yourself up, delete all of your crypto code and then just use `SslStream`.

Why?

  1. TLS is the result of years of work, research and analysis by people who are a lot better at crypto than you and I put together, times a billion.

  2. It will be way faster and less painful than writing your own custom solution. You would need to implement a combination of Diffie-Hellman, RSA/DSA Signatures, AES, an HMAC or two if you aren't using an authenticated mode for AES, and to top it all off, you need to watch out for padding oracles, forward secrecy and a whole bunch of other stuff.

Jokes aside, you should never roll your own crypto. Rely on tried and tested technology.

Upvotes: 3
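The approach the answer recommends, as an added example that is not part of the original post or the answerer's code: a loopback client and server using `SslStream`, so that session keys are negotiated by the TLS handshake and never sent alongside the data. The self-signed certificate, the thumbprint pinning in the client callback, the `TlsDemo` class name and the payload are assumptions made so the sample runs offline.

```csharp
// Added example: TLS over loopback TCP with SslStream (.NET Core 3.0+ / .NET 5+).
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

class TlsDemo // hypothetical name
{
    static async Task Main()
    {
        // Constructed test certificate; a real server loads its own from a protected store.
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=localhost", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var eph = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(7));
        // Re-import through PFX so the private key is usable by SslStream on Windows.
        using var serverCert = new X509Certificate2(eph.Export(X509ContentType.Pfx));
        string pinned = serverCert.GetCertHashString(HashAlgorithmName.SHA256);
        var listener = new TcpListener(IPAddress.Loopback, 0); // port 0: OS picks a free port
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;
        Task server = Task.Run(async () =>
        {
            using TcpClient conn = await listener.AcceptTcpClientAsync();
            using var tls = new SslStream(conn.GetStream(), false);
            // SslProtocols.None lets the OS choose the protocol version.
            await tls.AuthenticateAsServerAsync(serverCert, false, SslProtocols.None, false);
            var buf = new byte[256];
            int n = await tls.ReadAsync(buf, 0, buf.Length); // one short record; real protocols need framing
            Console.WriteLine("server got: " + Encoding.UTF8.GetString(buf, 0, n));
        });
        using var client = new TcpClient();
        await client.ConnectAsync(IPAddress.Loopback, port);
        // Pin the server certificate: accept only the expected SHA-256 thumbprint.
        using var ctls = new SslStream(client.GetStream(), false,
            (sender, cert, chain, errors) =>
                cert != null && cert.GetCertHashString(HashAlgorithmName.SHA256) == pinned);
        await ctls.AuthenticateAsClientAsync("localhost");
        byte[] msg = Encoding.UTF8.GetBytes("player=42;action=move"); // constructed payload
        await ctls.WriteAsync(msg, 0, msg.Length);
        await ctls.FlushAsync();
        await server;
        listener.Stop();
    }
}
```

The handshake cost is paid once per connection; every message after that goes over the already-authenticated, encrypted stream.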
