1
1
12rbah2020-10-07 17:33:00
Information Security
12rbah, 2020-10-07 17:33:00

Do I understand how secure protocols work?

I started to study the topic of encrypted communication and write a small application for data exchange. The idea is something like this:
* The same encryption key is set on both sides
* When transmitting information, it is first encrypted with a key and then transmitted in this form
* Another user receives this data and decrypts it with the same key

Tell me what are the errors and how can this idea be improved?

Answer the question

In order to leave comments, you need to log in

4 answer(s)
S
Somewhere Intech, 2020-10-07
@12rbah

This is symmetric encryption, asymmetric otherwise.
Asymmetric on the example of TLS (https):
The server and the user have (generate) a pair of keys - open and closed (secret) at the time of connection initialization. They exchange public keys. The user encrypts the server with the public key and sends him a request, which can only be decrypted with the server's private key. And vice versa, the server encrypts the response with the user's public key...

C
CityCat4, 2020-10-07
@CityCat4

The general idea is correct - we used to play "scouts" at school :) But here one problem arises - it's not a problem to pass the key to a classmate :) But what if people are thousands of kilometers away from you?
No, of course you can do it like this:
"... - Just not open," Yulia was wary. "Code it somehow.
" Riggeld was silent for a while, calculating.
"Roma," he said. Multiply
by ten. Subtract ... uh-uh ... How many knights of the islands, remember? ... "
(C) Vladimir Vasiliev "Death or Glory"
But if a person is a stranger, this method is unlikely to work. Therefore, asymmetric encryption was invented - when it is encrypted with one key and decrypted with another. At the same time, the key used for encryption can be safely transmitted in any way - its knowledge does not make it possible to decrypt the message.
So, despite the fact that we are moving in the right direction, the idea needs to be reconsidered :)

P
pazukdev, 2021-01-27
@pazukdev

You can only exchange data securely with someone if both of you have a common key to encrypt and decrypt it that no one else knows about. The problem is how to get both of you to have it without anyone recognizing it. Those. how to transfer the key over an open channel without compromising it. Asymmetric encryption is just about that.
The algorithm of this operation is as follows:
1. The server sends the public key to the client over an insecure connection.
2. Based on the public key of the server, the client creates a shared (common) key and stores it with himself.
3. The client encrypts its shared key and sends it encrypted to the server.
4. The server decrypts the encrypted shared key using its private key and receives the shared key from itself.
Asymmetric encryption completed its task - handshake took place. Further, the client and server, having a shared key, can exchange already symmetrically encrypted data.

R
Ruslan, 2020-10-07
@msHack

No, you misunderstood the encryption algorithms, there are different ones, the algorithm you mentioned is a public key algorithm there is a public key there is a private key open encryption private decryption this is the RSA algorithm there is also AES
to make secure protocols it is not necessary to study encryption, you can just use the library of functions for example openssl

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question