2
votes

How do I connect two clients through a server, and after they connect, have the server deactivate? That means the server couldn't get any user data; it only connects them. Is it possible to make this with Java SE, or is it possible at all? Also, the clients could be in different local networks, so just obtaining the clients' addresses may not work. If that method isn't realistic, could you recommend another type of safe connection?

2
What did you try so far to get this to work? I mean, did you ask Google? There you can find many answers, even on Stack Overflow. - Obenland
@Xean I have already asked that question on another forum, and there I got the answer that it's impossible. I have tried to search for an answer over the internet, but mostly I get questions about simple local client-server connections. - Yaroslav Shulyak
Could you link this answer? This could be interesting context. But what about JXTA? - Obenland
@Xean After a few hours of reading about examples of p2p networks, I understood that it's almost impossible to realize my idea. I want to make a p2p messenger app for Android, but now it seems that it's impossible to make that app portable. The user would have to set up their router to work with local devices (port and IP). - Yaroslav Shulyak
Android. Nice to know. Please provide such information in your question next time. Being able to change the network easily (WiFi and cellular) changes the context. You are right, it's very hard to do this (maybe Abhi's answer works?). But I have another idea. Give me a second. - Obenland

2 Answers

2
votes

There are 3 possible ways that I can think of:

1. A server-IP-based solution: the clients know the server's IP address. The server listens on a ServerSocket, and the clients (say A & B) connect over this server socket and register themselves. Now the server makes Client A's IP address available when Client B uses Client A's well-known name to ask the server for it. Client A will be listening on a server socket, and Client B connects to this socket. Care needs to be taken to make sure addressable IP addresses are used, i.e. public addresses, same subnet masks, NAT traversal...

2. A broadcast/multicast IP-based solution: all the clients broadcast or multicast (group based); part of the broadcast is the well-known name, so Client B would know Client A's IP address. Client A will be listening on a server socket, and Client B connects to this socket.

3. Consider existing libraries: JXTA, TomP2P, Hive2Hive or jnmp2p.

Also check this out - http://tutorials.jenkov.com/p2p/index.html

Your questions

How to connect two clients through server and after their connect server deactivates?

Option 1 works: once Client B knows Client A's IP address, the server can deactivate. The server doesn't get to see any data exchanged between Client A and Client B.

Is it possibly make by java se, or it could be at all?

Yes, it is very much doable. I did something similar a few years ago in Java: it was a digital camera (Client A) connecting remotely to a storage device (Client B) at home. (I implemented option 1.)

Also clients could be in different local networks

Yes, they can be in different local networks, but they should be addressable. Take what I did: the storage device was essentially inside a home network and the digital camera was on a public network. You can use IPv6, or you can use NAT traversal techniques or port forwarding, to make the clients in different networks visible to each other. And this method is very safe.

To make it safe and efficient, you will generate a session key (using Diffie-Hellman) and the two clients will use symmetric encryption/decryption to exchange data (using AES). (You can use RSA to generate the session key as an alternative to Diffie-Hellman. Generally speaking, if you can use a digital certificate, use RSA; if you can use a shared key, use Diffie-Hellman.)

If it's not clear, explain your use case in further detail and I can explain it for your use case.
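An added example, not code posted with this answer, showing the Diffie-Hellman session key step from the last paragraph in plain Java SE: X25519 key agreement (available since Java 11) followed by a SHA-256 derivation of a 256-bit AES key; the label string and the SHA-256 step are this example's choices, not the answer's.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.SecretKeySpec;

public class DhSessionKey {
    // Each client makes an ephemeral X25519 key pair; the private half never leaves the device.
    static KeyPair generateKeyPair() throws Exception {
        return KeyPairGenerator.getInstance("X25519").generateKeyPair();
    }

    // The only thing sent through the rendezvous server or over the direct socket: the encoded public key.
    static PublicKey decodePublic(byte[] encoded) throws Exception {
        return KeyFactory.getInstance("X25519").generatePublic(new X509EncodedKeySpec(encoded));
    }

    // Shared secret -> 256-bit AES key. SHA-256 over secret||label stands in for a full KDF such as HKDF.
    static SecretKeySpec deriveAesKey(KeyPair mine, byte[] peerPublicEncoded) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("X25519");
        ka.init(mine.getPrivate());
        ka.doPhase(decodePublic(peerPublicEncoded), true);
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        sha256.update(ka.generateSecret());
        sha256.update("p2p-messenger-session-v1".getBytes(StandardCharsets.UTF_8)); // constructed label
        return new SecretKeySpec(sha256.digest(), "AES");
    }

    public static void main(String[] args) throws Exception {
        KeyPair a = generateKeyPair();
        KeyPair b = generateKeyPair();
        byte[] aPub = a.getPublic().getEncoded();   // what the server relays / the peer receives
        byte[] bPub = b.getPublic().getEncoded();
        SecretKeySpec keyAtA = deriveAesKey(a, bPub);
        SecretKeySpec keyAtB = deriveAesKey(b, aPub);
        // Both sides now hold the same AES key; a party that only saw aPub and bPub cannot compute it.
        // Caveat: the exchange itself is unauthenticated. A relay that swaps the public keys ends up
        // sharing one key with A and another with B, so sign the public keys or compare fingerprints.
        System.out.println("same key on both sides: " + Arrays.equals(keyAtA.getEncoded(), keyAtB.getEncoded()));
    }
}
```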

1
votes

This is for an Android messenger app. You want to have a peer-to-peer connection to get a secure connection. Maybe it is possible with Abhi's answer (first idea), but you have to make the task of connecting two devices secure as well.

The other downside of a p2p messenger: both have to be online. If one of them has a bad connection, you will probably lose messages or it'll get hard to send the message.

Even though you have got a p2p connection, you have to encrypt the communication to get good security. If you have very good encryption, you probably don't need a p2p connection [1].

What you need is a good cryptographic protocol. This is the basic idea:

  • Everyone has published an RSA public key to your server.
  • A wants to talk to B, so A encrypts A's AES key with B's public RSA key.
  • B decrypts A's AES key with B's private RSA key.
  • (Maybe B sends another AES key to A, but I think both can use A's AES key.)
  • B confirms by sending a "Hello A" message encrypted with A's AES key.
  • Now they can communicate.
  • Maybe it is a good idea to replace the AES key after a given time or after a number of chat messages.

You can probably find answers on how to do this on Stack Overflow (please give him an upvote if you use his code).

Why should you use this complicated protocol instead of simply encrypting everything with RSA? Both RSA and AES are very strong cryptographic protocols, but RSA isn't as fast to compute as AES. You need a big RSA key, like 2048 bits, instead of a 256-bit AES key. This is a big downside for mobile phones. More calculation means more power consumption. So AES is faster, but you can't make the key public. Together they are a very strong team (even though RSA could break in the future with quantum computers)!


[1] If a bad guy could hijack a normal client-server-client connection, he could probably hijack the task of connecting two devices by setting up a proxy (man-in-the-middle attack). And this is a critical point of your messenger protocol, because every time someone has changed IP (switching between WiFi and cellular) you have to reconnect.
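An added example, not code from this answer or from the linked Stack Overflow post, walking through the bullet list above with the JDK's own javax.crypto classes: B publishes a 2048-bit RSA key, A wraps a fresh 256-bit AES key with it, B unwraps it and replies with the encrypted "Hello A". The OAEP padding and the AES-GCM mode are this example's choices; the answer only says RSA and AES.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;

public class HybridHandshake {
    // Step 2: A encrypts its fresh AES key with B's published RSA public key (OAEP, not PKCS#1 v1.5).
    static byte[] wrapAesKey(SecretKey aesKey, PublicKey bPublic) throws Exception {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, bPublic);
        return rsa.doFinal(aesKey.getEncoded());
    }

    // Step 3: only B, holding the private RSA key, can recover the AES key.
    static SecretKey unwrapAesKey(byte[] wrapped, PrivateKey bPrivate) throws Exception {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.DECRYPT_MODE, bPrivate);
        return new SecretKeySpec(rsa.doFinal(wrapped), "AES");
    }

    // Chat traffic: AES-GCM, random 12-byte nonce prepended; decrypt throws AEADBadTagException on tampering.
    static byte[] encrypt(SecretKey key, String text) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = gcm.doFinal(text.getBytes(StandardCharsets.UTF_8));
        return ByteBuffer.allocate(12 + ct.length).put(nonce).put(ct).array();
    }

    static String decrypt(SecretKey key, byte[] msg) throws Exception {
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, msg, 0, 12));
        return new String(gcm.doFinal(msg, 12, msg.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair b = kpg.generateKeyPair();                        // Step 1: B's published RSA key pair
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aesAtA = kg.generateKey();                      // A's 256-bit key for this chat
        byte[] wrapped = wrapAesKey(aesAtA, b.getPublic());       // A -> B, may pass through the server
        SecretKey aesAtB = unwrapAesKey(wrapped, b.getPrivate());
        byte[] hello = encrypt(aesAtB, "Hello A");                // Step 5: B's confirmation message
        System.out.println(decrypt(aesAtA, hello));               // prints Hello A
    }
}
```

Because the server hands out the RSA public keys, it could substitute its own and play the man in the middle described in [1]; checking key fingerprints out of band closes that gap. Rotating the AES key, as the last bullet suggests, also keeps the random GCM nonces well within their safe reuse bounds.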