tags:

views:

162

answers:

3
+1  Q: 

Client server AES encryption

I am developing a client server application in which data is transferred between two clients through the server.

The data should be encrypted and I thought of using AES. My thought was to use PBKDF2 in order to derive the AES key from the client's password.

In this case the client will encode the data, the server will decode it, reencode it using the 2nd client's password and send it to the 2nd client.

Do you think this is the best way to implement this?

Is there a way for the first client to encode and the 2nd client to decode without server interference?

How can I encrypt the AES key and transfer it from one client to the other?

+1  A: 

You could use an asymmetric encryption algorithm to send the AES key securely and then use this key for symmetric AES encryption/decryption. The communication could go like this:

  1. A client wants to talk to a server with encrypted messages.
  2. The client generates a pair of public/private keys and sends the public key to the server.
  3. The server uses the public key to encrypt some secret key and sends it back to the client.
  4. The client uses his private key to decrypt the secret (both now know the secret key to encrypt/decrypt their communication).
  5. The client uses AES with the secret key to encrypt the message he wants to send to the server.
  6. The server uses the secret key to decrypt the message.
Darin Dimitrov  2009-11-22 13:08:05
is RSA or any other asymmetric algorithm better than derivation function?
lebamb  2009-11-22 13:35:47
+1  A: 

You could also use Diffie–Hellman key exchange. What programming language do you use?

JustMaximumPower  2009-11-22 13:12:07
i am writing in c++how can i use Diffie-Hellman? you mean that the output key of DH will be used as the AES key?i think it doesn't allow me to perform enc/dec only in client side.I forgot to mention that client may send the data to several recipient clients
lebamb  2009-11-22 13:31:30
A: 

What do you think of the following solution?

  1. Client and server create a private AES key using Diffie-Hellman (this key is specific to each client).
  2. Transmitting client creates a session AES key and encodes it using the private AES key.
  3. Server decrypts the session key and re-encrypt it for every client in the session (using each client's private key).
  4. Transmitting client encrypts the data using the session AES key and sends it to the server.
  5. Server sends the data to all recipient clients without any required processing.
lebamb  2009-11-23 10:21:04

related questions

Mimic AES_ENCRYPT and AES_DECRYPT functions in Ruby
AES in ASP.NET with VB.NET
AES encryption of 16 bytes without salt
Why can't C# decrypt the output from Perl's Crypt::Rijndael?
AES interoperability between .Net and iPhone?
Decrypting RijndaelManaged Encrypted strings with CryptDecrypt
Misunderstanding MixColumns step
Best way to implement an SFTP server solution?
Java Cipher - AES Padding Problem
Encryption algorithm/library for .NET 2.0 + C++
What is the algorithm identifier when using AES in CBC mode with ISO 10126 padding inside of PKCS#7?
Converting the Rijndaelmanged() byte[] to a string
What do Streams do when implementing AES encrption in .NET?
How to store the AES Rijndael generated Key to the database?
RijndaelManaged supports 128-256 bit key, what key size the default constructor generator?
c# implementations of AES encryption
AES encryption, what are public and private keys?
How to encrypt in VBScript using AES?
AES encryption, sample code
Which AES library to use in Ruby/Python?
IPSec AES 256 encryption in Windows XP with Service Pack 3?
Does IE6 Support AES 256 bit encryption?
Does AES (128 or 256) encryption expand the data? If so, by how much?
Strong SSL with Tomcat 6
.NET's SslStream is always negotiating to the least secure cipher I have. How can I change this?