Using Bah.Crypto in Network communications
BlitzMax Forums/Brucey's Modules/Using Bah.Crypto in Network communications
| ||
| I've been playing with the library and looking through the examples and whilst I cannot pretend to completely understand it I cannot find an answer to a question that is really bugging me. The encryption routines need a Key and an IV. I understand that the IV needs to be random and different for every file (because it forms the input into the first block) and a Key is required to encrypt/decrypt each data block. My question is how to secure communications between client and server. The application will need the same Key at both ends (either embedded or configurable by the user), but how do I manage the IV. If it is random for every file how do I send it securely to the server? Do I encrypt it with the Key and a separate IV known only by the application? Cheers, Si... |
| ||
| The whole key-thing has two different approaches: symmetric cryptography and asymmetric cryptography If you eg. use "AES" for encryption, there is only a private key - this key has to be shared somehow with all who want to decode the whole thing. If you use something like "RSA", you will end up with with private and public keys. Without going into detail: Each side of the communication has: a private key and a public key. If you want to encode something for your partner, you use the public key of your partner to encode your data. Your partner is the only one who knows how his public key was build based on his private key and is the only one able to decode the data. For more details about alice and bob - use the google-equivalent of your choice. bye Ron |
| ||
| Thanks @Derron, I think I understand the Key now. My application uses a "Shared Secret" for the key which is configured at each node. However; The Crypto library needs an IV which (according to wikipedia) should be random/unique for every encrypted piece of data to prevent a pattern being identified in the first block. The Crypto examples all show encryption and decryption using both a KEY and IV: ... ctx.EncryptInit(EVP_CIPHER.bf_cbc(), Null, key, iv) ... ctx.DecryptInit(EVP_CIPHER.bf_cbc(), Null, key, iv) ... If I encrypt with a random number for IV and send the result to the remote host it cannot decrypt it because the IV is an unknown random number (or am I missing something obvious here). Thanks, Si... |
| ||
| I do not know much about "bah.crypto. http://stackoverflow.com/questions/1540491/how-to-communicate-aes-initialization-vector-to-client-for-hybrid-cryptosystem Seems to try to answer your question. (IV = initialization vector). bye Ron |
   |