1

I am trying to create a Node server with TLS and a TLS client in Electron, to distribute as a desktop application to users. I can add certificates to my TLS server and run it.

But how do I create the client, which requires me to supply a key and cert in the options?

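```javascript
const fs = require('fs');
const tls = require('tls');

// Client key and certificate presented to the server
tls.connect(8000, {
  key: fs.readFileSync('client-key.pem'),
  cert: fs.readFileSync('client-cert.pem')
});
```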

Where do I store the key and cert files? Should they be bundled along with the downloaded Electron app?

If the key and cert can be read by unpacking the application, doesn't that compromise security?

If the key and cert are stored in the Electron bundle, it's going to be the same key and cert for everyone downloading the application. Doesn't that compromise security?

If the key and cert are stored in the Electron bundle, how do I update the certificate (when it is changed on the server) after the user downloads the application?

I worked based on this link https://github.com/nodejs/help/issues/253

It would be great if someone can point me in the right direction.

We are seeing WebSockets blocked for some users, so we are trying to use a TLS duplex socket.

Anthony

1 Answer

0

It looks like I don't need a client certificate after all in my case. It seems I can authenticate with an auth token or username/password. This one-way TLS will offer full socket encryption to prevent man-in-the-middle attacks.

In the case of self-signed certificates, as in the example above, supplying the CA certificate alone can suffice to make it work for the POC stage.

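```javascript
const fs = require('fs');
const tls = require('tls');
// Trust only this CA when verifying the server certificate
tls.connect(8000, {
  ca: fs.readFileSync('ca.crt')
});
```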

The following materials helped me arrive at my conclusion:

https://chat.stackoverflow.com/rooms/118168/discussion-between-castaglia-and-agm

https://stackoverflow.com/a/8230650/5384225

https://crypto.stackexchange.com/a/406/75660

Still, I don't have answers to the original questions I had asked.

Anthony
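The approach described in the answer above (one-way TLS with only the CA certificate on the client, then a per-user token sent over the encrypted socket), as an added example that is not part of the original post. The `AUTH` line format, the token store, the sample user and the server file names `server-key.pem` and `server-cert.pem` are assumptions made for illustration.

```javascript
// Added example (not from the original post). The AUTH line format, token
// store and server-*.pem file names are assumptions for illustration.
const crypto = require('crypto');
const fs = require('fs');
const readline = require('readline');
const tls = require('tls');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Server side: keep only token hashes and compare them in constant time.
// Constructed sample store: user -> SHA-256 of that user's token.
const tokenHashes = new Map([['alice', sha256('constructed-sample-token')]]);

// Parses "AUTH <user> <token>"; returns the user name, or null on failure.
function authenticate(line, store = tokenHashes) {
  const m = /^AUTH (\S+) (\S+)$/.exec(line.trim());
  if (!m || !store.has(m[1])) return null;
  return crypto.timingSafeEqual(sha256(m[2]), store.get(m[1])) ? m[1] : null;
}

// Server: one-way TLS (no client certificate requested); the first line
// received on each connection must authenticate or the socket is closed.
function startServer(port) {
  const opts = {
    key: fs.readFileSync('server-key.pem'),
    cert: fs.readFileSync('server-cert.pem'),
  };
  return tls.createServer(opts, (socket) => {
    const rl = readline.createInterface({ input: socket });
    rl.once('line', (line) => {
      if (!authenticate(line)) return socket.end('ERR\n');
      socket.write('OK\n'); // later lines belong to an authenticated session
    });
  }).listen(port);
}

// Client (Electron main process): the bundle holds only the public CA
// certificate; certificate verification is on by default in tls.connect.
function connectClient(host, port, user, token) {
  const socket = tls.connect(port, host, {
    ca: fs.readFileSync('ca.crt'), // trust anchor, not a secret
  });
  socket.once('secureConnect', () => socket.write(`AUTH ${user} ${token}\n`));
  return socket;
}
```

With this layout nothing secret ships inside the application: each user's token is obtained at login, and the server's leaf certificate can be renewed under the same CA without the client bundle changing.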