0

I need to make two java proceses on the same host to communicate securely. I do not need to authenticate the processes so I don't want to use certificates.

I want to generate a random key in the server and client, exchange the keys between the processes using Elgamal; establish common symmetric key across the processes; and then communicate securely.

As far as I can think of, this can be done by implementing RMIServerSocketFactory and RMIClientSocketFactory interfaces to establish symmetric key as discussed above.

Is there already an implementation to do that?

Or is there a way to configure SslRMIServerSocketFactory and SslRMIClientSocketFactory to start using ElGamal as the key exchange protocol

ElGamal is preferred choice over RSA as ElGamal will generate random symmetric keys for each handshake while RSA will generate static keys every time.

Paŭlo Ebermann
  • 73,284
  • 20
  • 146
  • 210
Saurabh
  • 195
  • 1
  • 2
  • 7
  • Welcome to Cryptography Stack Exchange. We tend to focus here more on the theoretical side of cryptography, not at the usage of certain implementations of it. As such, I'm migrating your question to our sister site Stack Overflow, where it seems much more on-topic. – Paŭlo Ebermann Oct 08 '12 at 08:11
  • What do you mean by "communicate securely"? What do you want to protect against? How do you know you're talking to the right process? I'm also pretty sure that encryption isn't the right answer to your underlying problem in the first place. – CodesInChaos Oct 08 '12 at 11:37

1 Answers1

2

I need to make two java proceses on the same host to communicate securely. I do not need to authenticate the processes so I don't want to use certificates.

Your reasoning is flawed from the start unfortunately. However "hardened" a communication channel is, you'll always want to make sure you're communicating with the intended party if you want to exchange data secretly. Authentication in one form or another is necessary to do so.

In theory, you can do away with certificates and use PSK cipher suites (which would effectively include the authentication step). This isn't supported by default with the Oracle/OpenJDK JRE. In addition, if you're working on the assumption that your certificate's private key would be compromised (as suggested by your other question), the same problem could happen with the pre-shared keys anyway.

Community
  • 1
  • 1
Bruno
  • 119,590
  • 31
  • 270
  • 376