I’m doing a school assignment about secure communications between a Server and a Client. Basically, messages are exchanged between the clients and the server and these communications must implement confidentiality, authentication, integrity and non-repudiation.
Imagine I have to send a message from the client to the server. This is what I’ve idealized:
- Client and Server both generate their public/private keys;
- Their public keys are shared between them;
- Client, generates a session key using 'AES';
- Client encrypts the message using the session key and sends this to the server;
- Client encrypts the session key with the Server public key and send this to the server;
- Client creates a hash of the message and encrypts this hash with the client's private key and sends this to the server;
- Server uses is private key to get the session key;
- Server uses session key to decrypt the message;
- Server decrypts the hash with the client's public key;
- Server creates hash of message and compares with the above hash.
I’m thinking of creating a new session key every time the Client sends a message to the Server.
- Is this the way it should be done?
- In the generation of the keys I have to use a random number. How do i do this?
My thoughts for #2 are:
KeyGenerator keygen = KeyGenerator.getInstance("AES");
keygen.init(128,new SecureRandom());
Or this:
KeyGenerator keygen = KeyGenerator.getInstance("AES");
keygen.init(128, System.nanoTime());
Or should I use other way? I'm asking this because I don't know the best way to generate the seed.
