(TCP/IP, C#) SSL(One-time-key) type of security?

Question

0.00/5 (No votes)

See more:

Hello Codeproject,

I'm looking to create a secure connection between a server and a client. The client will be sending valuable information, and because it's valuable I wish to secure the information transferred from one another.

A type of security that does what I mean is SSL. Basically I'd like to create a temporary encryption-key between the two, but I have no idea how to give either the client or the server a key without it being stolen by a third party program.

Am I confused about how SSL works, or is there a solution for this, and any ideas to approach this are welcome too!

Regards,
- Dimitri

Posted 9-May-14 2:46am

Dimitri Nostarik

Updated 9-May-14 4:32am

v3

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Rob Philpott · Answer 1 · 2014-05-09T03:48:00

Solution 1

Sounds like SSL is what you want. It does two things for you, encrypts the data sent back and forth so it can't (allegedly) be any use to anyone eavesdropping but it also confirms the server is the real server and not some imposter.

SSL exchanges a symmetric key using asymmetric encryption - that is the encryption key is itself encrypted at the start of session.

You need to purchase a certificate from somewhere (pretty cheap, I'm about to renew the one on my domain for a Princely $4) and install it on the server. How you use it then depends on what the client/server setup is. Are you using IIS?

Posted 9-May-14 3:48am

Rob Philpott

Comments

Dimitri Nostarik 9-May-14 10:19am

Uhm, no. I might have asked the questions incorrectly. I'm looking for an idea on how to approach this on a simple TCP(Client/Server) using the reading and writing of byte arrays.

Thanks a lot for your input though!

Regards,
- Dimitri

Rob Philpott 9-May-14 10:27am

You can use this approach for that, I did it once a long time ago, can't remember how but I'll look if I can find the source. TcpClient exposes a networkstream, which you can feed into a CryptoStream - have a look at that...

Dimitri Nostarik 9-May-14 10:30am

Thanks!