java - Creating a secure connection between a desktop app and remote server? -
i have desktop app needs communicate remote server securely.
- all data must encrypted.
- which means data can no altered third party.
- no 1 should able resend same data twice (replay attacks)
- list item
the server setup restful api, desktop client making https (get, post, push , delete) calls.
i know ssl certificate not sufficient. there tools mitmproxy resign certificate , show attacker plain text.
my question not concerning interworking of encryption in general. know common practice provide perfect forward secrecy used in practice in real world?!
if server written in python , clients written in java, there tutorials or libraries can at?
ssl sounds exactly solution scenario. statement regarding man-in-the-middle attacks ignores critical point - tools such 1 mention require client connections being intercepted has been set trust tool's ca certificate (which uses authenticate server being intercepted). if authenticating server (and optionally client) certificates, there should no issue man-in-the-middle attacks. replay attacks third-party prevented ssl.
perfect forward secrecy separate topic, again there pfs mechanisms available in ssl (e.g. using diffie-hellman ephemeral key exchange).
as others have mentioned, recommendations tutorials/libraries off-topic stackoverflow.
Comments
Post a Comment