SSL Module License or to use AES ?

seulater
Posts: 445
Joined: Fri Apr 25, 2008 5:26 am

SSL Module License or to use AES ?

Post by seulater »

I have 2 MOD boards that need to communicate with each other via a TCP connection.
In a nutshell, I have several opto inputs on MODA and several relays on MODB; as you can guess, whatever inputs are triggered on MODA need to activate the relays on MODB.

I would like to be able to encrypt this data somehow, to keep it somewhat safe from peering eyes. My question is: if I buy the SSL License, will this allow me to make a secure SSL connection on a TCP port of my choosing, or is this limited to port 80 only?
Or should I just use the AES method as in the examples?

Thanks
Chris Ruff
Posts: 222
Joined: Thu Apr 24, 2008 4:09 pm
Location: topsail island, nc

Re: SSL Module License or to use AES ?

Post by Chris Ruff »

I have had success AES-encrypting plain-text messages (your data in hex, etc.) with the biggest key I can store on both ends.

I believe SSL is just a different way of encrypting data that has been agreed upon in the internet community and is useful for interfacing your stuff to existing infrastructure.

The main thing here, I think, since you are on both ends is to encrypt your data with a 256 bit key and transmit it using whatever method you choose, which includes a simple client-server socket set.


Chris
Real Programmers don't comment their code. If it was hard to write, it should be hard to understand
seulater
Posts: 445
Joined: Fri Apr 25, 2008 5:26 am

Re: SSL Module License or to use AES ?

Post by seulater »

I would have to imagine I am not thinking outside the box with using AES.

If I encrypt a message, say my message is "Close Relay #1" and the encrypted message is:
45 cc 63 8e f6 5f 96 71 05 5b b4 2a b7 be 30 4c, that's all fine and dandy. However, the problem I see is that if anyone else were to send this same message to the remote unit, it would be decrypted correctly and close relay #1.

I.e., there is no distinction between the originator and a hacker sending the same data.
What am I not seeing?
Chris Ruff
Posts: 222
Joined: Thu Apr 24, 2008 4:09 pm
Location: topsail island, nc

Re: SSL Module License or to use AES ?

Post by Chris Ruff »

ok. now you're thinking....

both sides have the key.

the client connects to the server and asks for a random string, the server generates the string and using his key, creates a signature from the random string using the secret key.

the man in the middle sees a random string go by

the client creates the same signature using the secret key.
the client uses the data and the signature and encodes it with the secret key and sends the string

the man in the middle sees impossible nonsense go by

the server decrypts the response with his secret key and breaks the plain text into the signature and the data. if the signature matches the data is judged to be good

.......

I didn't think this out Real Good, but the key is the random string.

That is why you always hear about the strength of the random number generator when you hear about DES AES etc.

Chris
Real Programmers don't comment their code. If it was hard to write, it should be hard to understand
seulater
Posts: 445
Joined: Fri Apr 25, 2008 5:26 am

Re: SSL Module License or to use AES ?

Post by seulater »

That's what I was thinking, but let me work it all out.

We have 2 keys; I will call them Master Key (MK) and Variable Key (VK).
The Master Key never changes; this key is used to encrypt the message used to get the variable key.

The client uses the MK to request the VK from the server. The server responds with the new VK, and then the client responds back with the string data using the new VK to control the relays.
tod
Posts: 587
Joined: Sat Apr 26, 2008 8:27 am
Location: Southern California

Re: SSL Module License or to use AES ?

Post by tod »

I profess to being fairly ignorant about most of this stuff, but if you just want to prevent an encrypted message from being duplicated and sent again, just include an always-increasing sequential number in the encrypted data. Then the server can just ignore any message that comes in from a client with an out-of-order number.
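The replay problem raised in this thread, worked as an added example (not code from any poster or from the NetBurner examples): the receiver issues a one-time random challenge and the sender binds the challenge, an increasing sequence number and the command together under the shared key. It uses HMAC-SHA256 in place of the AES-based signature described above and authenticates without encrypting; the class name, frame layout and key are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct

KEY = bytes(range(32))  # constructed 256-bit shared key, for demonstration only
TAG_LEN = 32            # HMAC-SHA256 output size
SEQ_LEN = 8             # 64-bit big-endian sequence number

def build_frame(key, nonce, seq, command):
    """Sender side (MODA): seq || command || HMAC(key, nonce || seq || command)."""
    body = struct.pack(">Q", seq) + command.encode("utf-8")
    return body + hmac.new(key, nonce + body, hashlib.sha256).digest()

class RelayServer:
    """Receiver side (MODB): hands out challenges and checks incoming frames."""

    def __init__(self, key):
        self.key = key
        self.nonce = None   # outstanding challenge, valid for one frame only
        self.last_seq = 0   # highest sequence number accepted so far

    def challenge(self):
        self.nonce = secrets.token_bytes(16)  # CSPRNG, not rand()
        return self.nonce

    def accept(self, frame):
        """Return the command if the frame is authentic and fresh, else None."""
        if self.nonce is None or len(frame) < SEQ_LEN + TAG_LEN:
            return None
        nonce, self.nonce = self.nonce, None  # consume the challenge either way
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None
        (seq,) = struct.unpack(">Q", body[:SEQ_LEN])
        if seq <= self.last_seq:  # out-of-order or repeated number
            return None
        self.last_seq = seq
        return body[SEQ_LEN:].decode("utf-8")

if __name__ == "__main__":
    server = RelayServer(KEY)
    frame = build_frame(KEY, server.challenge(), 1, "Close Relay #1")
    print("original:", server.accept(frame))
    server.challenge()
    print("replayed:", server.accept(frame))
```

A captured frame fails on replay because its tag was computed over a challenge the receiver has already discarded; the sequence check additionally rejects a correctly keyed frame that reuses an old number.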