Private key encryption over TCP java (Android) /C#
Question
I'm new on encryption.
I'm programming 2 app one for Android (JAVA) and other for Windows (C#), so I need to encrypted messages between them over TCP.
I wonder if someone could tell if what I thought is OK or there is a better and easy way.
So I thought on a symmetric encryption where I don't have to worry about certificates installations on Android devices . As consequence I thought this protocol of messages between apps.
which I want to know is OK or not.
Thanks!
1 answers
solution1
2 2015-05-22 05:40:35
I'm new on encryption.
... I thought this protocol of messages ...I don't have to worry about certificates installations on Android devices
Please don't roll your own crypto, especially if you know that you are new to it. There are enough broken crypto protocols already out there so you can safely assume that you will not succeed in making a safe protocol with your current knowledge.
And there is a reason certificates are usually used with TLS. They are used to securely identify the peer of the communication and if you don't have this kind of identification you are open to man-in-the-middle attacks. If you have different methods you can use them, because TLS does not require the use of certificates, but certificates is the most common way for identification. So no need to roll your own crypto, even if you use other ways of identifying the peer outside of certificates.
Apart from that, a much better place to ask this kind of questions is security.stackexchange.com.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.