3

I want to secure communication between simple C# WPF client and Java server. Now i have already implemented raw sockets communication, and my security is based on:

server send RSA public key to client ->

<- client send back encrypted with RSA public key, AES key for future communication.

but i'm not assured that someone (the men in the middle) will catch and replace my public key. I suppose that for avoiding men in the middle i need to use CA certificates. Can someone help me, how to make a SSL connection between Java server ans C# client using certificates ? And where i can find some certificates for testing purpose.

savionok
  • 131
  • 1
  • 2
  • 2
    **Don't do something on your own**, but use preexisting implementations! It basically doesn't matter which languages you're using, SSL/TLS dosn't care, SSL from C# is exactly the same SSL as SSL from Java. You should take a look at this documentation for [Java](http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLServerSocketFactory.html) and for [C#](http://msdn.microsoft.com/library/system.net.security.sslstream.aspx), they will cooperate. – ordag Mar 05 '12 at 14:53

2 Answers2

5

I suggest that you use a SSL/TLS library for C# (SslStream? OpenSSL? ask on Stack Overflow if you want more recommendations) or Java (SslSocket? BouncyCastle? ask on Stack Overflow if you want more recommendations).

You can use TLS to encrypt the entire communication. As @ordag says, don't try to invent something on your own. This is tricky stuff. TLS has been carefully vetted, and there are many existing implementations, so it will be pretty easy to use.

As @symcbean says, you can easily create your own self-signed certificates (e.g., with OpenSSL), which should fine for your purposes.

Read the following questions, too: What's the difference between SSL, TLS, and HTTPS?, Best tool for testing an SSL connection in my application.

D.W.
  • 98,860
  • 33
  • 271
  • 588
  • I'd use BouncyCastle for the client(There is a .net version too). Not sure what to use for the server, since BouncyCastle is client only. – CodesInChaos Mar 06 '12 at 10:17
1

There are lots of ways to implement this, but if it were me, I'd use stunnel at both ends the wrap the connection.

Generating a self-signed certificate is relatively simple (IIRC openssl comes with a script that does it all for you - see man 8 make-ssl-cert).

symcbean
  • 18,418
  • 40
  • 74