network communication encryption in java

Question

A friend and me are working on a Java Game with a client/server - architecture. It is working well, but i ran into a problem. We use TCP Sockets for networking between serve

Answer 1

You can use Ciphers. Some more examples here and here

Answer 2

SSL(Secure Sockets Layer) is popular to handle this kind of problem.

Answer 3

Look at the javax.crypto library or bouncyCastle.

Both provide cryptographic primitives, also for encryption. Depending on how secure you want to have it, you can use symmetric or assymetric crypto. However, also think about key management in advance. Where do you store your private/shared key.

If it is a client-server, the best way would be to use assymetric crypto (i.e. RSA, Elliptic Curve) and give every user a certificate signed with the key of the server (note, this is TLS (formerly called SSL)). This way you can check if the user logging on is authentic. However, you dont prevent custom clients since the user has to have everyone can just copy the certificate.

In practice, it is quite hard to prevent custom clients.

Answer 4

Use public-key encryption (RSA for example) and implement something like the SSL Handshake, or of course use SSL - here you can see an example.

Here's a simplified sequence:

• the server sends his public RSA key to the client
• the client generates a symmetric key (using AES for example)
• the client encrypts the symmetric key with the server's public key and sends it to the server
• the server decrypts the received symmetric key

Now both the client and the server have a key which no one eavesdropping can know. Then use that key to encrypt all data.