java java中的网络通信加密
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3510706/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
network communication encryption in java
提问by Tim
A friend and me are working on a Java Game with a client/server - architecture. It is working well, but i ran into a problem. We use TCP Sockets for networking between server and client. Our network protocol isnt encrypted and can just be read by anone who bothers to watch the stream.
我和一个朋友正在开发具有客户端/服务器架构的 Java 游戏。它运行良好,但我遇到了问题。我们使用 TCP 套接字在服务器和客户端之间建立网络。我们的网络协议没有加密,只能被那些不想看流的人读取。
We thought about how we could apply some kind of cryptography to it to hide login information and prevent people to write their own clients. But basic things like adding/substracting bytes seems pretty easy to figure out.
我们考虑过如何对其应用某种加密技术来隐藏登录信息并防止人们编写自己的客户端。但是像添加/减去字节这样的基本事情似乎很容易弄清楚。
What are the usual methods used to encrypt network communication for games( or at least game login information )? And having written the server and client in java, are there any useful java libraries?
用于加密游戏网络通信(或至少是游戏登录信息)的常用方法是什么?用java编写了服务器和客户端,有没有有用的java库?
回答by Bozho
Use public-key encryption (RSA for example) and implement something like the SSL Handshake, or of course use SSL - here you can see an example.
使用公钥加密(例如 RSA)并实现SSL Handshake 之类的东西,或者当然使用 SSL -在这里您可以看到一个示例。
Here's a simplified sequence:
这是一个简化的序列:
- the server sends his public RSA key to the client
- the client generates a symmetric key (using AES for example)
- the client encrypts the symmetric key with the server's public key and sends it to the server
- the server decrypts the received symmetric key
- 服务器将他的公共 RSA 密钥发送给客户端
- 客户端生成对称密钥(例如使用 AES)
- 客户端用服务器的公钥加密对称密钥并发送给服务器
- 服务器解密收到的对称密钥
Now both the client and the server have a key which no one eavesdropping can know. Then use that key to encrypt all data.
现在客户端和服务器都有一个没有人窃听的密钥。然后使用该密钥加密所有数据。
回答by u290629
SSL(Secure Sockets Layer) is popular to handle this kind of problem.
SSL(安全套接字层)在处理此类问题时很流行。
回答by Henri
Look at the javax.crypto library or bouncyCastle.
查看 javax.crypto 库或 bouncyCastle。
Both provide cryptographic primitives, also for encryption. Depending on how secure you want to have it, you can use symmetric or assymetric crypto. However, also think about key management in advance. Where do you store your private/shared key.
两者都提供加密原语,也用于加密。根据您想要的安全程度,您可以使用对称或非对称加密。但是,也要提前考虑密钥管理。你在哪里存储你的私人/共享密钥。
If it is a client-server, the best way would be to use assymetric crypto (i.e. RSA, Elliptic Curve) and give every user a certificate signed with the key of the server (note, this is TLS (formerly called SSL)). This way you can check if the user logging on is authentic. However, you dont prevent custom clients since the user has to have everyone can just copy the certificate.
如果是客户端-服务器,最好的方法是使用非对称加密(即 RSA、Elliptic Curve)并为每个用户提供一个用服务器密钥签名的证书(注意,这是 TLS(以前称为 SSL))。这样您就可以检查登录的用户是否真实。但是,您不会阻止自定义客户端,因为用户必须让每个人都可以复制证书。
In practice, it is quite hard to prevent custom clients.
在实践中,很难阻止自定义客户端。
