Sending data from/to PHP/Java

Discussion in 'Programming' started by Hadies, Jun 1, 2017.

  1. I have already read this thread about sending data to and from Java/PHP securely.

    From that thread, I have come to the conclusion that using SSL is most likely the best route to take.
    With that being said:

    I have a control panel with an API.
    I have a java server listening on a port.

    If I were to encrypt that data with AES, with a secret key known only to the control panel and the Java server, and then send it from the panel/server, would that be safe? My uneducated guess is that someone can replicate the request and have no problem sending it to the server/panel, because it's encrypted with the same secret key, so my panel/server would have no problem decrypting it. Would adding the time to the data BEFORE encryption, then checking the time AFTER decryption, verify that the request is NEW and not something that was sent 20 minutes ago?

    Probably sounds like a bundle of mess, but I've been trying to wrap my head around this for the past 2 days.

    I appreciate any help.
     
  2. Not an answer, but: use end-to-end encryption. Use signatures from end-to-end encryption to make sure the sender is who you think it is. I can't give you example code right now, but it is the same thing Minecraft uses to make sure the skins are from the Minecraft servers. https://en.wikipedia.org/wiki/Digital_signature

    And, I am not sure, but I think RSA is better than AES.
     
  3. Yeah, I agree RSA is better, I need to figure out how to sign it
     
  4. I have a great document from the University of Technology Eindhoven. One problem, it is Dutch.
    But a small part:

    Bob would have:

    Two big prime numbers: p and q
    n = p * q
    A random number e which has no common factor with φ(n)
    d = e^-1 mod φ(n) (secret key)
    n and e are the public keys
    p, q and d are secret

    To encrypt: c = x^e mod n
    To decrypt: x = c^d mod n
    The signature works as follows:

    Create signature: s = x^d mod n
    Check signature: x = s^e mod n

    Alice could use the encrypt formula to encrypt
    Bob can decrypt with the decrypt formula
    Alice can check the signature from Bob using the check signature formula

    Important
    I don't know how big the numbers have to be (more than 256 bits I think)
    You should check this, maybe I made a mistake
    Most computers have built in software to do this
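
Added example, not written by any poster in this thread: the signing idea from posts 2 and 3 combined with the timestamp check asked about in post 1, using Java's built-in `java.security.Signature` rather than hand-written RSA arithmetic. The `timestamp|nonce|body` layout, the nonce field, the 2-minute window and all class and method names are assumptions made for illustration; both sides are shown in Java so the file runs on its own.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class SignedRequestDemo {
    static final Duration MAX_AGE = Duration.ofMinutes(2); // assumed freshness window
    static final Set<String> SEEN = ConcurrentHashMap.newKeySet(); // accepted nonces; evict after MAX_AGE in production

    // Signed bytes: "timestamp|nonce|body" (assumed layout; nonce must not contain '|').
    static byte[] payload(long ts, String nonce, String body) {
        return (ts + "|" + nonce + "|" + body).getBytes(StandardCharsets.UTF_8);
    }
    // Sender side: sign with the private key that only the sender holds.
    static String sign(PrivateKey key, long ts, String nonce, String body) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(payload(ts, nonce, body));
        return Base64.getEncoder().encodeToString(s.sign());
    }

    // Receiver side: verify the signature first, then freshness, then replay.
    static boolean accept(PublicKey key, long ts, String nonce, String body, String sigB64, Instant now)
            throws GeneralSecurityException {
        try {
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(key);
            v.update(payload(ts, nonce, body));
            if (!v.verify(Base64.getDecoder().decode(sigB64))) return false;
        } catch (SignatureException | IllegalArgumentException e) {
            return false; // malformed signature or Base64
        }
        return Duration.between(Instant.ofEpochSecond(ts), now).abs().compareTo(MAX_AGE) <= 0 && SEEN.add(nonce);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        Instant now = Instant.now();
        long ts = now.getEpochSecond();
        String body = "{\"action\":\"restart\"}"; // constructed sample request
        String sig = sign(kp.getPrivate(), ts, "a1", body);
        System.out.println("fresh:    " + accept(kp.getPublic(), ts, "a1", body, sig, now));
        System.out.println("replayed: " + accept(kp.getPublic(), ts, "a1", body, sig, now));
        System.out.println("tampered: " + accept(kp.getPublic(), ts, "a1", "{\"action\":\"stop\"}", sig, now));
        String old = sign(kp.getPrivate(), ts - 1200, "b2", body); // sent 20 minutes ago
        System.out.println("stale:    " + accept(kp.getPublic(), ts - 1200, "b2", body, old, now));
    }
}
```

Only the first call is accepted; the replayed, tampered and 20-minute-old requests are rejected. A PHP sender can produce a compatible signature with `openssl_sign($data, $signature, $privateKey, OPENSSL_ALGO_SHA256)` followed by `base64_encode`.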