Java如何使socket连接安全?

huangapple go评论71阅读模式
英文:

Java How to make a socket connection secure?

问题

我想在服务器和客户端之间建立一个安全的套接字连接。
我的协议如下:

  1. 客户端生成RSA密钥对,并将其公钥发送给服务器。
  2. 服务器生成一个AES密钥,用客户端的公钥加密该密钥,并将其发送给客户端。
  3. 客户端使用私钥解密AES密钥。
  4. 所有消息都使用AES密钥进行加密和解密。

问题:
这个协议在中间人攻击面前非常脆弱。攻击者可以轻易地将自己的公钥发送到服务器,并接收AES密钥。攻击者可以欺骗客户端成为服务器,欺骗服务器成为客户端。如何使我的连接更安全?

英文:

I want to setup a secure socket connection between a Server and a Client.
My protocol is:

  1. The Client generates a RSA keypair and send it's public key to the server.
  2. The Server generates a AES key, encypts the key with the client's public key and ends it to the client.
  3. The client decrypts the AES key with the private key.
  4. All messages are encrypted and decrypted with the AES key.

The problem:
This protocol is very vulnerable against Man-in-the-middle attacks. A attacker could easily send his own public key to the server, and receive the AES key. The attacker can spoof to be the server to the client and to be the client to the server. <br>
How to make my connection secure?

答案1

得分: 2

正如Marc所说,请使用TLS。TLS使用Diffie-Hellman来保护A和B之间的连接。这也是使HTTPS安全的原因。

这里有一个Java的简短示例。请注意术语SSL的使用 - TLS曾经是SSL,但这个术语仍然可以互换使用。

英文:

As Marc says, use TLS. TLS uses Diffie-Hellman to secure the connection between A and B. This is also what makes HTTPS secure.

Here's a short example in Java. Note that the term SSL is used - TLS used to be SSL, but the term is still used interchangeably.

huangapple
  • 本文由 发表于 2020年9月26日 17:19:58
  • 转载请务必保留本文链接:https://go.coder-hub.com/64075891.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定