I'm working on a tool which would need to communicate: send and receive files with other remote instances of the tool over the internet. Which communication option would be best to use in this case? Sockets?

A: 

It depends a lot on the environment they are operating in. TCP sockets are quite straightforward to use as long as you check your reads and writes are successful. However you may have some trouble with firewalls, or you may not want to deal with a stream of raw bytes at each end, in which case a higher-level protocol such as HTTP or FTP might be a better solution.

It also depends on which language you're working in and what support is given for particular protocols in its libraries.

Cogsy
I'm working with C#. FTP looks like the way to go but I'm wondering how public key exchanges can be done with that... perhaps wrap the keys in a txt file and send?
gogole
Afraid I can't be much help. Have a look at SFTP.
Cogsy
+4  A: 

Sockets is definitely not the way to go. Instead you should use an already existing, higher layer protocol, like FTP or even HTTP. Sockets only expose bare TCP/IP functionality. So to send/receive files, you would end up adding the application logic yourself (you need to deal with lost packets for example). Higher layer protocols already do this for you.

kgiannakakis
OK then, since the app will be sending encrypted files, of which the symmetric key for the file would be sent using RSA, would you agree FTP is the best option?
gogole
Absolutely not, unless you know that it's possible for the users of your application to get firewall policies changed. Even worse, FTP doesn't play well with firewalls because of the way it uses two sockets (one for commands, one for data).
Alnitak
A: 

You shouldn't expect to be able to make inbound connections to arbitrary machines all over the internet - firewall policies will almost certainly get in the way.

Therefore you're probably better off having a central server to which all instances of the tool connect, and to which files can be uploaded for subsequent download by other instances.

As per other answers, I wouldn't recommend a low-level socket connection. HTTP would probably be the right way to go.

Alnitak
Hmm, centralizing file transfer... would this fly with a file/text encryption application (that is what I'm building)?
gogole
Probably not - but then that detail wasn't in the stated set of requirements! The comments about inbound socket connections still stand, though.
Alnitak
OK, I'll look into HTTP then. Thanks for your help guys, much appreciated.
gogole
A: 

From your comments on the other answers it sounds like you are confusing the file transport with the file encryption. As others have pointed out, you could use HTTP or FTP to transfer the files. HTTP already works over SSL which can authenticate the server, encrypt the traffic and (with a bit more work) authenticate the client.

If you want the files themselves to be encrypted as well, your best bet is again to use something that already exists, e.g. PGP (or an implementation of it such as GPG). You could also look at S/MIME but PGP will be simpler. If you reinvent your own encryption there are too many pitfalls that you will find difficult to avoid.

frankodwyer
I'm using TriDES or AES for my file encryption and RSA for secure communication of the symmetric keys of the encrypted file. Now I'm looking for the best communication option to get the file and the public keys across (HTTP or FTP). As I see it I haven't reinvented anything.
gogole
Well, the likes of PGP and S/MIME already implement the first part. And HTTP / FTP etc. do the second part. PGP / S/MIME also address the problem of being able to trust the public keys, though if you have a very simple case you may not need this.
frankodwyer
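The scheme discussed in this answer's comments (a symmetric cipher for the file, RSA for the symmetric key), as an added C# example that is not code from any poster in this thread. It shows that the encrypted envelope is independent of the transport and that modification in transit is rejected. Assumptions: .NET 8 or later; AES-256-GCM and RSA-OAEP-SHA256 are choices made for this example; `Envelope`, `HybridFile`, `Seal` and `Open` are hypothetical names; how the recipient's public key is obtained and trusted is not covered.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Everything the recipient needs; these bytes can travel over HTTP, FTP or any other transport.
public sealed record Envelope(byte[] WrappedKey, byte[] Nonce, byte[] Tag, byte[] Ciphertext);

public static class HybridFile
{
    const int KeySize = 32, NonceSize = 12, TagSize = 16; // AES-256-GCM sizes in bytes

    // Encrypt with a fresh AES key, then wrap that key with the recipient's RSA public key.
    public static Envelope Seal(RSA recipientPublicKey, byte[] plaintext)
    {
        byte[] key = RandomNumberGenerator.GetBytes(KeySize);   // new key for every file
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize);
        byte[] ciphertext = new byte[plaintext.Length];
        byte[] tag = new byte[TagSize];
        using (var aes = new AesGcm(key, TagSize))
            aes.Encrypt(nonce, plaintext, ciphertext, tag);
        byte[] wrapped = recipientPublicKey.Encrypt(key, RSAEncryptionPadding.OaepSHA256);
        CryptographicOperations.ZeroMemory(key);
        return new Envelope(wrapped, nonce, tag, ciphertext);
    }

    // Unwrap the AES key with the RSA private key; Decrypt throws if any field was modified.
    public static byte[] Open(RSA recipientPrivateKey, Envelope e)
    {
        byte[] key = recipientPrivateKey.Decrypt(e.WrappedKey, RSAEncryptionPadding.OaepSHA256);
        byte[] plaintext = new byte[e.Ciphertext.Length];
        using (var aes = new AesGcm(key, TagSize))
            aes.Decrypt(e.Nonce, e.Ciphertext, e.Tag, plaintext);
        CryptographicOperations.ZeroMemory(key);
        return plaintext;
    }

    public static void Main()
    {
        using RSA recipient = RSA.Create(3072);                 // constructed demo key pair
        byte[] file = Encoding.UTF8.GetBytes("constructed sample file contents");
        Envelope env = Seal(recipient, file);
        Console.WriteLine(Encoding.UTF8.GetString(Open(recipient, env)));

        env.Ciphertext[0] ^= 0x01;                              // simulate modification in transit
        try { Open(recipient, env); Console.WriteLine("tampering NOT detected"); }
        catch (CryptographicException) { Console.WriteLine("tampering detected, file rejected"); }
    }
}
```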
+1  A: 

One point about HTTP is that good, mature and (to a greater or lesser extent) security-audited HTTP client and server libraries are available for pretty much any language or platform. This will save you the effort of building and debugging your own, and security is a significant issue if the HTTP servers could be exposed to the public internet.

EDIT: For C#, you might try Windows Communication Foundation which also supports higher level protocols.

ConcernedOfTunbridgeWells
Doesn't WCF have an HTTP client?
ConcernedOfTunbridgeWells
A: 

If all you're needing is simple file transfer between instances, I'd suggest looking into any available tftp client/server libraries for your language.

Chris