tags:

views:

54

answers:

4
Q: 

network communication encryption in java

Hi there o/,

A friend and me are working on a Java Game with a client/server - architecture. It is working well, but i ran into a problem. We use TCP Sockets for networking between server and client. Our network protocol isnt encrypted and can just be read by anone who bothers to watch the stream.

We thought about how we could apply some kind of cryptography to it to hide login information and prevent people to write their own clients. But basic things like adding/substracting bytes seems pretty easy to figure out.

What are the usual methods used to encrypt network communication for games( or at least game login information )? And having written the server and client in java, are there any useful java libraries?

+3  A: 

SSL(Secure Sockets Layer) is popular to handle this kind of problem.

卢声远 Shengyuan Lu  2010-08-18 09:45:33
A: 

You can use Ciphers. Some more examples here and here

bdhar  2010-08-18 09:45:57
+1  A: 

Use public-key encryption (RSA for example) and implement something like the SSL Handshake, or of course use SSL - here you can see an example.

Here's a simplified sequence:

  • the server sends his public RSA key to the client
  • the client generates a symmetric key (using AES for example)
  • the client encrypts the symmetric key with the server's public key and sends it to the server
  • the server decrypts the received symmetric key

Now both the client and the server have a key which no one eavesdropping can know. Then use that key to encrypt all data.

Bozho  2010-08-18 09:46:28
Works, but anyone who has a valid client and a valid login can still reverse engineer the protocol and thus create a custom client...
Henri  2010-08-18 09:51:42
JSSE seems to be what i was looking for and ill just have to change the sockettypes and create the keys. for the reverse engineerign part, that isnt a problem in this project since it wont be anything big and i dont think anyone will waste their time re-ing this one and was thought as a learning experience.and if it happens i guess ill have to roll out a update to get rid of a custom client till someone caught up.Thx for the answer.
Tim  2010-08-18 10:17:00
+1  A: 

Look at the javax.crypto library or bouncyCastle.

Both provide cryptographic primitives, also for encryption. Depending on how secure you want to have it, you can use symmetric or assymetric crypto. However, also think about key management in advance. Where do you store your private/shared key.

If it is a client-server, the best way would be to use assymetric crypto (i.e. RSA, Elliptic Curve) and give every user a certificate signed with the key of the server (note, this is TLS (formerly called SSL)). This way you can check if the user logging on is authentic. However, you dont prevent custom clients since the user has to have everyone can just copy the certificate.

In practice, it is quite hard to prevent custom clients.

Henri  2010-08-18 09:50:30

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java