Coder Social home page Coder Social logo

ssl-client-server's Introduction

Simple Java SSL/TSL Socket Server

1. What is the role of public key and private key
  • Public key is used to encrypt information.
  • Private key is used to decrypt information.
2. What is the difference between digital signature and encryption
  • When encrypting, you(client) use their public key to write message, and they(server) use their private key to decrypt to read it.
  • When signing, you(client) use your own private key to write message’s signature, and they(server) use your public key to verify if the message is yours.
3. What is the difference between keystore and truststore
  • A keystore has certs and keys in it and defines what is going to be presented to the other end of a connection.
  • A truststore has just certs in it and defines what certs that the other end will send are to be trusted.
4. The standard handshake for SSL/TSL

he standard SSL Handshake

  1. Client Hello (Information that the server needs to communicate with the client using SSL.)
    • SSL version Number
    • Cipher setting (Compression Method)
    • Session-specific Data
  2. Server Hello
    • Server picks a cipher and compression that both client and server support and tells the client about its choice, as well as some other things like a session id.
    • Server presents its certificate ( This is what client needs to validate as being signed by a trusted CA.)
    • Server presents a list of certificate authority DNs that client certs may be signed by.
  3. Client response
    • Client continues the key exchange protocol necessary to set up a TLS session.
    • Cclient presents a certificate that was signed by one of the CAs and encrypts with the server’s public key.
    • Send the pre-master (based on cipher) encrypted by Server’s public key to server.
  4. Server accepts the cert presented by client.
    • Server uses its private key to decrypt the pre-master secret. Both client and server perform steps to generate the master secret with the agreed cipher.
  5. Encryption with Session Key.
    • Both client and server exchange messages to inform that future messages will be encrypted.
5.In this simple demo, it demonstrates how to start a very simple SSL/TSL Client & server.
  • Step 1. Create a private key and public certificate for client & server by openssl tool.
openssl req -newkey rsa:2048 -nodes -keyout client-key.pem -x509 -days 365 -out client-certificate.pem
openssl req -newkey rsa:2048 -nodes -keyout server-key.pem -x509 -days 365 -out server-certificate.pem
  • Step 2. Combine the private key and public certificate into PCKS12(P12) format for client and server respectively.
openssl pkcs12 -inkey client-key.pem -in client-certificate.pem -export -out client-certificate.p12
openssl pkcs12 -inkey server-key.pem -in server-certificate.pem -export -out server-certificate.p12

  • Step 3. Place client-certificate.p12 and server-certificate.p12 into keystore and trustStore location.

    client-server

6. If everything went well, you will see this:

result

ssl-client-server's People

Contributors

alphagarden avatar dependabot[bot] avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.