I am using AES for encryption on a java system and decrypting it back on a javascript platform. What is the best way for a secure key exchange over such system ?
Asked
Active
Viewed 196 times
0
-
2There is no "best way". It depends on the use case, attack scenarios etc. If the Java Script is in the browser I would use TLS for the key exchange, and then use the key within the TLS protocol :) – Maarten Bodewes Mar 27 '14 at 08:37
-
Relevant: http://www.matasano.com/articles/javascript-cryptography/ – ntoskrnl Mar 27 '14 at 12:34
-
Take @owlstead's advice, don't do it. Just use SSL/TLS. – DarkWanderer Mar 27 '14 at 13:41
1 Answers
0
As @owlstead said, there is no such thing as "best way": analyze your security and performance requirements and choose a well-tried protocol as SSL/TLS.
Note: AES is indeed a symmetric crypto-system, for key exchange we usually start with an asymmetric protocol to agree on a symmetric key. Then this key is used to protect the following communication with a symmetric protocol.
n0p
- 3,399
- 2
- 29
- 50
-
I am planning to use Diffie-Hellman key exchange for the symmetric key transfer. Any suggestions regarding that ? – rkj Apr 01 '14 at 07:06
-
It is a good idea [this](http://docs.oracle.com/javase/7/docs/api/javax/crypto/KeyAgreement.html) might help. – n0p Apr 01 '14 at 07:12