I have a TCP/IP chat application that sends back and forth ChatMessage objects that hold the int type and String message of a message.
My question is: How can I make it more secure?
Thank you!
There are two ways that I can think of: CipherOutputStream and SSLSocket

CipherOutputStream:
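import java.nio.charset.StandardCharsets;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Example values only: a real key must not be hard-coded, and the IV must be fresh and unpredictable for every stream encrypted under the same key
byte[] keyBytes = "1234123412341234".getBytes(StandardCharsets.US_ASCII); // 16 bytes = AES-128 key
final byte[] ivBytes = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; //example
final SecretKey key = new SecretKeySpec(keyBytes, "AES");
final IvParameterSpec IV = new IvParameterSpec(ivBytes);
// CFB8 is a stream-style mode: it encrypts byte by byte and provides no integrity check
final Cipher cipher = Cipher.getInstance("AES/CFB8/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key, IV);
//assuming your Socket is called "socket"
CipherOutputStream cstream = new CipherOutputStream(socket.getOutputStream(), cipher);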
...
//code to write ChatMessage object
OR, you can use SSL: how to do ssl socket programming
Here's how you do it in pseudocode, assuming you need a secure system providing data Confidentiality, Integrity and User Authenticity (http://en.wikipedia.org/wiki/Information_security). These are the general requirements for a secure chat system anyways.

Now you can go learn these concepts and they are fairly straightforward to implement. For algorithms, the most popular used are:

Both of these algorithms have Java implementations available; check out the Bouncy Castle crypto API package.
Note: If you are using a web application, and just need to securely transfer the messages, you can use SSL as someone suggested in the comments.
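
An added example, not code from either answer above: AES/CFB8 through CipherOutputStream gives confidentiality only, so this code frames each ChatMessage (int type plus String text) with AES-GCM, which adds the integrity property the second answer lists and uses a fresh random nonce per message. The class name, frame layout and in-memory "wire" are assumptions for illustration, and the generated key stands in for one the two peers already share (key exchange and user authentication are not covered here).

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.security.SecureRandom;

public class GcmChatFraming {
    private static final SecureRandom RNG = new SecureRandom();
    // Frame layout (made up for this example): int length | 12-byte nonce | ciphertext + 16-byte tag
    static void send(DataOutputStream out, SecretKey key, int type, String text) throws Exception {
        byte[] nonce = new byte[12];
        RNG.nextBytes(nonce); // fresh nonce per message; never reuse one under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        DataOutputStream p = new DataOutputStream(plain);
        p.writeInt(type);
        p.writeUTF(text);
        byte[] ct = c.doFinal(plain.toByteArray());
        out.writeInt(ct.length);
        out.write(nonce);
        out.write(ct);
    }

    static String receive(DataInputStream in, SecretKey key) throws Exception {
        int len = in.readInt();
        // Reject absurd lengths before allocating: at least a tag, at most one writeUTF payload
        if (len < 16 || len > (1 << 17)) throw new IOException("bad frame length");
        byte[] nonce = new byte[12];
        in.readFully(nonce);
        byte[] ct = new byte[len];
        in.readFully(ct);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] plain = c.doFinal(ct); // throws AEADBadTagException if any byte was altered
        DataInputStream p = new DataInputStream(new ByteArrayInputStream(plain));
        return p.readInt() + ":" + p.readUTF();
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey(); // stand-in for a key both peers already share
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        send(new DataOutputStream(wire), key, 1, "hello"); // constructed sample message
        byte[] frame = wire.toByteArray();
        System.out.println(receive(new DataInputStream(new ByteArrayInputStream(frame)), key));
        frame[frame.length - 1] ^= 1; // simulate modification in transit
        try { receive(new DataInputStream(new ByteArrayInputStream(frame)), key); }
        catch (AEADBadTagException e) { System.out.println("tampered frame rejected"); }
    }
}
```

On a real socket the same two methods take `socket.getOutputStream()` and `socket.getInputStream()` wrapped in the Data streams; GCM does not stop an attacker replaying an old valid frame, which a message counter or TLS would.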