Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Interface2018-04-28 14:37:15
Node.js
Interface, 2018-04-28 14:37:15

How to make an encrypted channel between 2 applications?

There are 2 applications (node.js in my case) between which I want to establish an encrypted channel and exchange messages.
This is almost completely solved by TLS and client authentication. For example something like this: https://gist.github.com/pcan/e384fcad2a83e3ce20f9a... .
However, there is a problem:
This approach involves creating a server certificate that is bound to a domain name:

Specify server Common Name, like 'localhost' or 'server.localhost'. The client will verify this, so make sure you have a vaild DNS name for this.

And I would like to avoid binding, since the conditional server in this case does not have and cannot have either a domain name or a static IP.
Thus, I want to get a scheme where there are 2 hosts that can change IP and have no domain name. And they should be able to connect to each other (anyone can act as the initiator-"client" of the connection) something like this, for example:
connectTo('123.123.123.123:8000');
At the same time, it is possible to exchange keys / certificates in advance.
Is this possible with TLS?
And how adequate and safe is it to use regular sockets and encrypt content? (like this https://stackoverflow.com/questions/22738754/node-...

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
Vladimir Dubrovin, 2018-04-28
@Interface

Yes, it is certainly possible.
The server certificate will validate your client application. At the same time, you can set your own function to check the certificate through options.checkServerIdentity()
https://nodejs.org/api/tls.html#tls_tls_checkserve...
Usually, in such cases, it is not the name and not the chain of trust that is checked, but simply the hash of the certificate server (fingerprint or fingerprint256 ) and absolutely any self-signed certificate is suitable, and it is much safer and more reliable than trusting root CAs. This technique in applications is usually called Certificate pinning.

Similar questions
A
Arman2019-10-14 06:59:52
Will the motherboard pull the RAM over the processor? 1Reply
K
Krypt2015-06-07 18:36:05
In openSUSE, how do I set the Scroll Lock indicator toggle using the... Scroll Lock key? 2Reply
V
Vitaly2019-05-12 20:50:18
How to set cookies in socket.io? 1Reply
B
Bogdan2019-05-13 16:29:22
Multer checking for file parameter? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question