• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

SSLServerSocketFactory

 
Ranch Hand
Posts: 212
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I was reading a tutorial about SSLServerSocketFactory and it said I need to create a certificate, but elsewhere I read that this factory handles it transparently. If the latter is true, does that mean that all the key handling, key authentication, encryption, decryption etc is taken care of automatically? All I need to do is set one of the available cipher suites?

I was looking over the available cipher suites. I am certainly not an expert on this, but have a general idea of many of the protocols. Would this be a good choice? TLS_RSA_WITH_AES_128_CBC_SHA

I am not sure what CBC means, but is RSA used to encrypt the private key, the message hashes with SHA and then all the data being send encrypted with AES?

I am writing a secure chat room, where not only the sign up and log in functions, but all the messages from the users in the chat room. I would like it to be reasonably fast, and I know AES is. Some of the other available ciphers are quite insecure and am surprised they are even in the list, like DES and RC4.
[ March 16, 2007: Message edited by: David McCombs ]
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You will need to install a certificate on the server, but after that everything else is handled transparently. The process to do that is described here in the section titled "Prepare the Certificate Keystore".

Not sure about your questions concerning ciphers, but it sounds like they be moot, since SSL handles all that. Or do you want to encrypt stuff outside of the transport as well?
 
David McCombs
Ranch Hand
Posts: 212
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you

Well, I was trying to figure out what is happening under the hood for educational reason, and to add to my project write up. The project is a standalone and doesn't rely on a servlet container.

I guess now I need to ask what is the best was to secure the certificate?
[ March 17, 2007: Message edited by: David McCombs ]
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

I guess now I need to ask what is the best was to secure the certificate?



What do you mean by "secure the certificate"? A certificate can be used for securing a connection, i.e. by using SSL.
 
David McCombs
Ranch Hand
Posts: 212
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Where and how should it be stored on the hard drive?
 
David McCombs
Ranch Hand
Posts: 212
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
OK, this is what I have for the code to create the SSLServerSocket



I know storing the password in code is a bad idea, this is just to get the ball rolling.

Here is how I created the key

keytool -genkey -keystore chat.ky -keyalg RSA

Does it look like I am on the right path?
[ March 17, 2007: Message edited by: David McCombs ]
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic