Encryption with the TcpIpConnection class

Forums for specific tips, techniques and example code
bdoolan
Posts: 19
Joined: Fri Aug 14, 2009 7:26 pm

Encryption with the TcpIpConnection class

Postby bdoolan » Thu Jun 17, 2010 8:31 am

Hi,
I've implemented a straightforward server for HTML5 WebSockets. It turned out to be much easier than anticipated and Jade notifications made the comms between the webSockets server process and the normal http server processes very straightforward.

To pass data between the webSocket server and the browser I use AES encryption or just plaintext, depending on how sensitive the sender considers the data to be. Encrypting and decrypting is fast on the server but starts to get slow on the client for large messages (say around 200K) and can freeze the browser. It work fine for messages around 20K though, and most are less than this.

However, the WebSockets standard supports the equivalent of https (wss) and I was wondering if the TcpIpConnection class on the webSocket server can use the same certificates as the https connection uses. I know very little about this area - just enough to get things working - so it may be a silly question.

In Apache, I supply 3 files to get https working: XXX.ca-bundle, XXX.crt and XXX.key. XXX.ca-bundle contains the well-known root CA certificates, XXX.crt is the public certificate and XXX.key is the private key. I've looked at the JadeSSLContext and JadeX509Certificate classes but I can't see how these three files fit in with these classes.

Does anyone know if I can get encryption via these certificate files going with the TcpIpConnection class and, if so, how? Any pointers would be appreciated.

Thanks in advance,

Brendan

murray
Posts: 144
Joined: Fri Aug 14, 2009 6:58 pm
Location: New Plymouth, New Zealand

Re: Encryption with the TcpIpConnection class

Postby murray » Thu Jun 17, 2010 8:22 pm

Having worked with SSL on TcpIpConnections in the past I can tell you (from what I can recall) that:
  • (1) the TcpIpConnection needs a JadeSSLContext object to implement SSL
    (2) the JadeSSLContext needs a JadeX509Certificate object for the certificates and keys.
    (3) the JadeX509Certificate loads certificates and keys from external files.
I used certificates and keys in PEM format (as per the Jade manuals) and it all worked OK.
The openssl command line utility and website can provide a lot of help. The NCSA website is also helpful, see: http://security.ncsa.illinois.edu/resea ... enssl.html.
Hopefully someone else can provide more in-depth help, but I think the certificate and key files need attention.
Have you read the description of JadeX509Certificate in the Jade manual?

Murray.
Murray (N.Z.)


Return to “Tips and Techniques”

Who is online

Users browsing this forum: No registered users and 19 guests