Thread: Client key-pairs in JSSE
- 08-15-2013, 07:02 PM #1
I have made a client-server system using Java Sockets before. I'm working on another project now with clients and a server and this time I want to use an encrypted connection using JSSE.
I have been researching with Google finding out how SSL works and I found this tutorial very useful: Using JSSE for secure socket communication
It explains how to use Keytool to generate public-private keys and how to create an SSLSocket.
In this tutorial it appears all the clients have the same key-pair and these are stored as files that the client needs access to: the server's public key and the client's own public and private key. In my system I want anyone to be able to download my client app and create an account and log in. My concern is if all the clients have the same key-pair then anyone can download the client and see what its private key is, which means the private key is no longer private. That sounds like a big problem to me but please correct me if I am wrong.
I was thinking the fix would be for the clients to generate their own key-pairs, tell the server its public key and then start the encrypted connection. Please can someone tell me how clients should generate keys for this purpose? And would I be right in thinking the server would need to use a TrustStore to keep track of each client's public key?
And of course if anyone has any other suggestions I would be happy to hear them :-)
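Added example, not part of the original post or the linked tutorial: a JSSE client that authenticates only the server, so the downloadable app carries the server's certificate in a truststore and no private key at all, with account login then sent over the encrypted socket. The truststore file name, password, host and port are assumed placeholders, and the server is assumed to leave client authentication off (the JSSE default).

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;

public class ServerAuthOnlyClient {
    public static void main(String[] args) throws Exception {
        // Assumed placeholders: adjust to your own deployment.
        String trustStorePath = "client-truststore.jks";
        char[] trustStorePassword = "changeit".toCharArray();
        String host = "server.example.com";
        int port = 8443;

        // The truststore holds only the server's certificate (public data),
        // so nothing secret ships inside the downloadable client.
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            trustStore.load(in, trustStorePassword);
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // KeyManagers argument is null: the client presents no certificate
        // and therefore needs no key-pair of its own.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // A raw SSLSocket does not verify the host name unless asked to.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);

            // Fails with SSLHandshakeException if the server's certificate
            // is not trusted or does not match the host name.
            socket.startHandshake();
            System.out.println("Negotiated " + socket.getSession().getProtocol()
                    + " " + socket.getSession().getCipherSuite());
            // Account login (user name and password) would be sent over this socket.
        }
    }
}
```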