Sample Stacks Using RSA + AES Encryption with sockets

[Mark Clark]

In case anyone has an interest, I’ve posted a simple framework for building client-server stuff with encrypted payload.

Rationale

“...I hope this simple outline will encourage others to explore using LC for client-server
applications. LC is fun and provides a lot of power in a few lines of code. I am using pretty verbose
code here which you can of course mod to your own style--hopefully I've made it easy for those new to LC or sockets in general to understand and incorporate some of these ideas.

The use of a long term RSA secret means there is no mechanism here for PFS: Perfect Forward Security (better termed Imperfect Forward Security)
What this means is that anyone who is recording your traffic could unlock all past communications if they somehow manage to acquire your secret RSA key and its password. So ya know, don't leave your keys on the countertop…"

Description

This is a simple LiveCode framework for creating a client and server that communicate over sockets using RSA to exchange a session based symmetric key and using AES to encrypt subsequent traffic--capabilities that LiveCode provides built-in. Additionally you will likely want to use strong HASH or HMACs with your app for authentication and again LiveCode provides.

Location monkey button software dot com downloads



https://www.monkeybuttonsoftware.com/monkey_button_downloads/ <https://www.monkeybuttonsoftware.com/monkey_button_downloads/>

Please feel free to write me directly if you have any questions/suggestions or find glaring holes—hopefully I didn’t make too many mistakes


Mark