Hi there,

I am implementing a client / server architecture (github repo), and I would like to offer good enough encryption on the communication for use in a corporate intranet context. I have complete control over the protocol between the client and the server, so I have no constraint.

I have the impression that using certificates in an intranet context is an overkill: it requires an extra configuration step and extra cost, and may also introduce constraints (the application may be completely cut-off from the intranet).

I think the following would work:

– generate a private public key on the server on startup (keep it only in memory of the server)

– send the public key to the client when client connects

– client generates his own public / private key pair and sends his public key to the server

– starts exchanging encrypted information.

Did I miss an important step? Do you have any java library to recommend to generate private public key pairs?

submitted by /u/openlowcode
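The four steps above, written out as an added example in plain JDK Java (javax.crypto / java.security, no third-party library); this is not code from /u/openlowcode's repository, and the class and method names are my own. Both sides generate an in-memory EC key pair, swap public keys in their standard encoded form, run ECDH to agree on a shared secret, and then use AES-GCM for the actual traffic. The comment in main() marks the one thing the four bullets do not contain: a way for the client to check that the public key it received actually belongs to the server, which is what a certificate, a pinned fingerprint or a signature by a long-lived server key would provide. Hashing the ECDH secret with SHA-256 is a deliberate simplification of a real key-derivation step (HKDF) and is labelled as such in the code.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical demo class: models the post's four steps, not a production protocol.
public class EphemeralKeyExchangeDemo {

    // Steps 1 and 3: each side generates an EC (P-256) key pair and keeps it in memory only.
    static KeyPair generateKeyPair() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        return kpg.generateKeyPair();
    }

    // Steps 2 and 3: public keys cross the wire in X.509 SubjectPublicKeyInfo encoding.
    static byte[] encodePublicKey(PublicKey key) {
        return key.getEncoded();
    }

    static PublicKey decodePublicKey(byte[] encoded) throws Exception {
        return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(encoded));
    }

    // Both sides run ECDH with their own private key and the peer's public key.
    // SHA-256 over the raw secret is a simplification; a real design uses HKDF and
    // binds the transcript (both public keys) into the derived key.
    static SecretKeySpec deriveSessionKey(KeyPair mine, PublicKey peer) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(mine.getPrivate());
        ka.doPhase(peer, true);
        byte[] shared = ka.generateSecret();
        byte[] key = MessageDigest.getInstance("SHA-256").digest(shared);
        return new SecretKeySpec(key, "AES");
    }

    // Step 4: AES-GCM with a fresh random 96-bit nonce per message; the nonce is sent in front.
    static byte[] encrypt(SecretKeySpec key, byte[] plaintext) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[nonce.length + ct.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    static byte[] decrypt(SecretKeySpec key, byte[] message) throws Exception {
        byte[] nonce = Arrays.copyOfRange(message, 0, 12);
        byte[] ct = Arrays.copyOfRange(message, 12, message.length);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        return c.doFinal(ct); // throws AEADBadTagException if the message was altered
    }

    // SHA-256 fingerprint of a public key, for comparison against a value obtained out of band.
    static String fingerprint(PublicKey key) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        KeyPair server = generateKeyPair();                      // step 1 (server startup)
        byte[] serverPubWire = encodePublicKey(server.getPublic()); // step 2 (sent to client)
        KeyPair client = generateKeyPair();                      // step 3
        byte[] clientPubWire = encodePublicKey(client.getPublic()); // step 3 (sent to server)

        // Missing from the four steps: nothing here lets the client confirm that
        // serverPubWire came from the real server rather than from whoever is on the path.
        // The check belongs at this point: compare fingerprint(...) with a pinned value,
        // or verify a signature over the ephemeral key made by a long-lived server key.
        System.out.println("server key fingerprint: " + fingerprint(decodePublicKey(serverPubWire)));

        SecretKeySpec clientKey = deriveSessionKey(client, decodePublicKey(serverPubWire));
        SecretKeySpec serverKey = deriveSessionKey(server, decodePublicKey(clientPubWire));

        byte[] wire = encrypt(clientKey, "hello from client".getBytes(StandardCharsets.UTF_8)); // step 4
        String received = new String(decrypt(serverKey, wire), StandardCharsets.UTF_8);
        System.out.println("server decrypted: " + received);
    }
}
```

Run it with `javac EphemeralKeyExchangeDemo.java && java EphemeralKeyExchangeDemo`; no dependency beyond the JDK is needed, which is the short answer to the "which java library" part of the question. The design choice worth noticing is that because the server key is regenerated on every startup, a fingerprint pin would have to be refreshed each time, so in practice the key that gets pinned (or certified) is a long-lived signing key that vouches for the per-startup one.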