tags:

views:

72

answers:

3
Q: 

Flash & C# encryption

Hello all,

I am creating a TCP connect with Flash to a C# daemon.

Now I have come to the part of encryption... I know that Flash is decompilable and so not safe to store private keys on.

I need 2 way encryption because of the messages that have to be send back to the Flash client.

I have been thinking and googling, but cannot find a proper solution yet.

Anybody got an idea??

+2  A: 

You'd usually use a hybrid encryption.

  1. Client opens a session on the server, acquiring public key for an asymmetric encryption.
  2. Client generates a key for a symmetric encryption, and sends this key to the server, encrypted with the public key previously acquired.
  3. The rest of the communication is encrypted using a symmetric encryption with they key now known to both client and server.

greetz
back2dos

back2dos  2010-07-06 14:36:41
The OP should read _Applied Cryptography_. This solution is OK and is described in that book. It has a weakness called "man in the middle" which can be accomplished with DNS hijacking or inserting a driver in the TCP/IP stack. But +1
Heath Hunnicutt  2010-07-06 14:44:14
@Heath Hunnicutt: I have to admit, I never read it, but I do know about *man in the middle*. Does it also provide a solution to protect a client-server-architecture against *man in the middle*, assuming the client code is actually sent over that very insecure wire?
back2dos  2010-07-06 14:56:09
A: 

back2dos' solution will work (and be the easiest) if your connection is SSL/TLS.

If you are forced to use regular sockets (e.g., the server does not have an SSL certificate), then you'll need to do the same by hand. In this case, you'll need to use a Diffie-Hellman key exchange, which enables the creation of a shared secret that is not actually sent over the wire.

Again, if possible, use back2dos' solution. It's a lot easier.

Stephen Cleary  2010-07-06 14:43:09
A: 

...............

fuck  2010-07-12 14:03:11
Answers are not comments. If you want to post comments, click on the "add comment" feature. You can delete you answers.
Sam  2010-07-16 19:36:29
you mean can't, don't you? it's ok, I can blank them instead :)
fuck  2010-08-03 05:24:44

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?