
I'm making a game login/lobby in .NET. I want to handle the login portion via SSL over TcpClient & TcpListener. How do I go about working with SSL with these 2 classes? I don't want any kind of cert that needs to be installed on the client machine. I'd prefer to be able to just hardcode the public key right into the program, yet most examples I see start dealing with cert stores.

Any advice?

user441521

1 Answers1


Secure Socket Layer (SSL) only works with cert stores, if you want to use SSL then you can't avoid this.

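However, you can simply encrypt the stream using a CryptoStream. Note that this only encrypts the data with a shared key that is hard-coded in both programs; unlike SSL/TLS, it does not authenticate the server and does not detect tampering with the data in transit.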

An example - Code Excerpt from http://www.xtremedotnettalk.com/showthread.php?t=80370

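class Class1
{
    /// <summary>
    /// Sender entry point: connects to the receiver on localhost:12345 and
    /// streams one file to it, encrypted by <see cref="Send"/>.
    /// </summary>
    [STAThread]
    static void Main(string[] args)
    {
        // Dispose the client even when sendFile throws, so the socket is
        // released instead of lingering until finalization.
        using (System.Net.Sockets.TcpClient tcp = new System.Net.Sockets.TcpClient("localhost", 12345))
        {
            Send s = new Send();
            s.sendFile("c:\\boot.ini", tcp.GetStream());
        }
    }
}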

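/// <summary>
/// Encrypts a file with Triple DES and writes the ciphertext to a stream.
/// </summary>
/// <remarks>
/// Security review notes (the key material is left unchanged so that this
/// class stays compatible with the matching receiver):
/// - The key and IV are string literals compiled into the program, so anyone
///   who has the binary has the key. Encoding ASCII text as UTF-16 also makes
///   every second key byte zero, which further reduces the key's entropy.
/// - The IV is the same for every transfer, so two files that start with the
///   same bytes produce ciphertext that starts with the same bytes.
/// - Nothing authenticates the ciphertext (no MAC or AEAD mode), so changes
///   made in transit are not detected, and the peer is never authenticated.
/// - Triple DES is a legacy cipher.
/// For credentials, prefer TLS via SslStream; its certificate validation
/// callback can compare the server certificate with one embedded in the
/// client, which avoids installing anything on the client machine.
/// </remarks>
public class Send
{
    TripleDESCryptoServiceProvider tripleDES;

    /// <summary>
    /// Sets up the cipher with the fixed key and IV shared with the receiver.
    /// </summary>
    public Send()
    {
        tripleDES = new TripleDESCryptoServiceProvider();
        // NOTE(security): hard-coded key and IV, see the class remarks.
        tripleDES.Key = Encoding.Unicode.GetBytes("foobar12foob".ToCharArray());
        tripleDES.IV = Encoding.Unicode.GetBytes("foob".ToCharArray());
    }

    /// <summary>
    /// Reads <paramref name="fileName"/> and writes its encrypted content to
    /// <paramref name="networkStream"/>.
    /// </summary>
    /// <param name="fileName">Path of the file to send.</param>
    /// <param name="networkStream">
    /// Destination stream. It is closed when the transfer ends, because
    /// closing the CryptoStream closes the stream it wraps.
    /// </param>
    public void sendFile(String fileName, Stream networkStream)
    {
        byte[] bin = new byte[100]; // intermediate buffer between file and cipher
        int len;                    // bytes returned by the last read

        // The using blocks release the file handle and flush the final cipher
        // block on every exit path, including exceptions.
        using (FileStream fin = new FileStream(fileName, FileMode.Open, FileAccess.Read))
        using (ICryptoTransform encryptor = tripleDES.CreateEncryptor())
        using (CryptoStream encStream = new CryptoStream(networkStream, encryptor, CryptoStreamMode.Write))
        {
            Console.WriteLine("Encrypting...");

            // Stop at end of file rather than at a length sampled up front:
            // if the file shrinks while it is being read, Read returns 0 and
            // a loop that waits for the original length would never finish.
            while ((len = fin.Read(bin, 0, bin.Length)) > 0)
            {
                encStream.Write(bin, 0, len);
            }
        }
    }
}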

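class Class2
{
    /// <summary>
    /// Receiver entry point: listens on TCP port 12345, accepts one
    /// connection and writes the decrypted data to c:\test.txt.
    /// </summary>
    /// <remarks>
    /// The listener is bound to all local interfaces and the first host to
    /// connect is served; the only thing standing between a peer and the
    /// output file is the shared key used by <see cref="Receive"/>.
    /// </remarks>
    [STAThread]
    static void Main(string[] args)
    {
        Receive r = new Receive();

        // Same bind address as the single-argument constructor (any local
        // interface), without relying on that obsolete overload.
        System.Net.Sockets.TcpListener tcp =
            new System.Net.Sockets.TcpListener(System.Net.IPAddress.Any, 12345);
        tcp.Start();
        try
        {
            using (System.Net.Sockets.TcpClient client = tcp.AcceptTcpClient())
            // File.Create truncates an existing file. File.OpenWrite does not,
            // so a shorter transfer would leave stale bytes from an earlier
            // run at the end of the output.
            using (System.IO.FileStream fs = System.IO.File.Create("c:\\test.txt"))
            {
                r.receiveFile(fs, client.GetStream());
            }
        }
        finally
        {
            // Stop listening once the single transfer is done or has failed.
            tcp.Stop();
        }

        System.Console.ReadLine();
    }
}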

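/// <summary>
/// Decrypts a Triple DES stream received from the network into a file.
/// </summary>
/// <remarks>
/// Security review notes (the key material is left unchanged so that this
/// class stays compatible with the matching sender):
/// - The key and IV are string literals compiled into the program and are
///   identical for every transfer.
/// - The ciphertext carries no MAC, so data modified in transit is decrypted
///   and written to the file without being detected; only a padding failure
///   on the last block surfaces as an exception.
/// - There is no length framing: the end of the data is signalled only by
///   the peer closing the connection.
/// For credentials, prefer TLS via SslStream.
/// </remarks>
public class Receive
{
    TripleDESCryptoServiceProvider tripleDES;

    /// <summary>
    /// Sets up the cipher with the fixed key and IV shared with the sender.
    /// </summary>
    public Receive()
    {
        tripleDES = new TripleDESCryptoServiceProvider();
        // NOTE(security): hard-coded key and IV, see the class remarks.
        tripleDES.Key = Encoding.Unicode.GetBytes("foobar12foob".ToCharArray());
        tripleDES.IV = Encoding.Unicode.GetBytes("foob".ToCharArray());
    }

    /// <summary>
    /// Reads ciphertext from <paramref name="ns"/> until the peer closes the
    /// connection and writes the decrypted bytes to <paramref name="fs"/>.
    /// </summary>
    /// <param name="fs">Output file stream; closed before returning.</param>
    /// <param name="ns">Connected network stream; closed before returning.</param>
    public void receiveFile(FileStream fs, NetworkStream ns)
    {
        byte[] bin = new byte[100];
        long rdlen = 0; // total bytes read from the network
        int len;        // bytes returned by the last read

        // No polling on DataAvailable: Read already blocks until data arrives
        // or the peer closes, whereas a spin loop burns a CPU core and never
        // ends if the peer disconnects without sending anything.
        //
        // The using blocks close both streams on every exit path, including a
        // decryption failure.
        using (fs)
        using (ns)
        using (ICryptoTransform decryptor = tripleDES.CreateDecryptor())
        using (CryptoStream decStream = new CryptoStream(fs, decryptor, CryptoStreamMode.Write))
        {
            Console.WriteLine("Decrypting...");

            do
            {
                // Always offer the whole buffer. Passing the previous read
                // size as the count would shrink every later read after one
                // short read.
                len = ns.Read(bin, 0, bin.Length);
                rdlen = rdlen + len;
                decStream.Write(bin, 0, len);
                Console.WriteLine("{0} bytes read, {1} total bytes", len, rdlen);
            }
            while (len > 0);

            // Explicit so that a bad final block fails here, at a known point.
            decStream.FlushFinalBlock();
        }
    }
}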
Markus Safar
Justin Shield
  • Is this considered as secure as SSL? Everything I'm reading says to use SSL. So at work in one of our projects we actually load a public .cert file via code and use it in a https request. I wouldn't be opposed to doing something like that but I don't know how to create such a cert file and how to setup the server for this as well. It just seems using SSL would be the most secure since it's such a tried and true method. I would love to just encrypt the data and be able to transmit it over as encrypted text just not sure how secure that is. – user441521 Jul 17 '11 at 21:17
  • SSL is exactly the same thing, only it's a 128bit RSA encryption. SSL uses a public key which is digitally signed by a trusted authority to allow servers to exchange symmetric public keys. See [how-to-use-rsa-to-encrypt-files-huge-data-in-c](http://stackoverflow.com/questions/1199058/how-to-use-rsa-to-encrypt-files-huge-data-in-c) – Justin Shield Jul 17 '11 at 23:37
  • Can I use it to receive HTTPs webpages? I am creating proxy server application. Its working for HTTP but not HTTPs. What changes to do in this above code to receive any https page and display on client's web browser? – Aditya Bokade Feb 01 '13 at 04:10