Reputation: 177
I'm uploading an encrypted file from an Android phone to a server and decrypting the same file on the server side.
Client: Used HTTP POST to send the file to a server
Server: PHP
Encryption: Triple DES
I hard-coded the keys and IV in both the client and the server side. Is there any idea how to use the keys and IV so that the transmission is highly secured?
Thanks!
Upvotes: 1
Views: 249
Reputation: 3509
If Android encrypts the file immediately prior to transmitting it and the server decrypts it on receipt, then you should just use SSL/TLS/HTTPS.
Hardcoding either the key or the IV is horribly bad practice. If you hardcode the key in an application, anyone who can get the binary has the key and can read the message. If you hardcode the IV, even people who do not have the key can potentially do something (IVs can be public, but they MUST be random).
Upvotes: 0
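An added example, not part of either answer, illustrating the fixed-IV point made above: with Triple DES in CBC mode, two files that begin with the same bytes produce the same leading ciphertext block under a constant IV, and different blocks when a fresh random IV is generated per message. CBC mode is an assumption (the question does not name the mode), and the key, IV and file contents are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class FixedIvDemo {
    // Constructed 24-byte sample key, used only to make the demo run.
    static final byte[] KEY = "0123456789abcdefghijklmn".getBytes(StandardCharsets.US_ASCII);

    static byte[] encrypt(byte[] iv, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, "DESede"), new IvParameterSpec(iv));
        return c.doFinal(plaintext);
    }

    static byte[] randomIv() {
        byte[] iv = new byte[8];              // Triple DES block size is 8 bytes
        new SecureRandom().nextBytes(iv);     // fresh IV per message; it may be sent in the clear
        return iv;
    }

    // True when both ciphertexts start with the same 8-byte block.
    static boolean sameFirstBlock(byte[] a, byte[] b) {
        return Arrays.equals(Arrays.copyOf(a, 8), Arrays.copyOf(b, 8));
    }

    public static void main(String[] args) throws Exception {
        // Two constructed "files" that share their first 8 bytes, like a common file header.
        byte[] fileA = "HEADER01 report for alice".getBytes(StandardCharsets.US_ASCII);
        byte[] fileB = "HEADER01 invoice for bob".getBytes(StandardCharsets.US_ASCII);

        byte[] fixedIv = new byte[8];         // constant IV, standing in for a hard-coded one
        boolean leakFixed = sameFirstBlock(encrypt(fixedIv, fileA), encrypt(fixedIv, fileB));
        boolean leakRandom = sameFirstBlock(encrypt(randomIv(), fileA), encrypt(randomIv(), fileB));

        // An observer without the key can see that both uploads start with the same data.
        System.out.println("fixed IV, first block identical:  " + leakFixed);
        // With per-message random IVs the blocks differ, so the shared prefix is hidden.
        System.out.println("random IV, first block identical: " + leakRandom);
    }
}
```

A random IV removes only this one leak. The key is still compiled into the client, which is the problem both answers address by recommending HTTPS.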
Reputation: 108790
No. If you hardcode a symmetric key into a client application that runs on untrusted devices, it's practically no encryption at all. An attacker can just extract the key from his application, and decrypt all other transmissions.
Just use HTTPS with a single trusted root public key corresponding to your server.
Upvotes: 3