Java How to make a socket connection secure?

0
votes

I want to setup a secure socket connection between a Server and a Client. My protocol is:

  1. The Client generates a RSA keypair and send it's public key to the server.
  2. The Server generates a AES key, encypts the key with the client's public key and ends it to the client.
  3. The client decrypts the AES key with the private key.
  4. All messages are encrypted and decrypted with the AES key.

The problem: This protocol is very vulnerable against Man-in-the-middle attacks. A attacker could easily send his own public key to the server, and receive the AES key. The attacker can spoof to be the server to the client and to be the client to the server.
How to make my connection secure?

1
javasocketsencryptioncryptography
Use TLS with publicly-signed certificates, unless you have a very good reason not to. - Marc
I have no idea what this is... Can you please explain this solution bit. - FishyCode
Then please read en.wikipedia.org/wiki/Transport_Layer_Security before coming up with your own protocol. - Marc
This article say I need a certificate? What is this and how to get one? - FishyCode
And how to implement all this in Java? - FishyCode

1 Answers

1
votes

As Marc says, use TLS. TLS uses Diffie-Hellman to secure the connection between A and B. This is also what makes HTTPS secure.

Here's a short example in Java. Note that the term SSL is used - TLS used to be SSL, but the term is still used interchangeably.