How to make an encrypted channel between 2 apps?

I have 2 apps (node.js in my case) between which I want to set up an encrypted channel and exchange messages.

This is almost completely solved by TLS and client authentication. For example, something like this: https://gist.github.com/pcan/e384fcad2a83e3ce20f9a... .

However, there is a problem:

This approach involves creating a server certificate that is bound to a domain name:
"Specify server Common Name, like 'localhost' or 'server.localhost'. The client will verify this, so make sure you have a valid DNS name for this."


And I would like to avoid that binding: the notional "server" in this case does not and cannot have any domain name or a static IP.

So I want to get a scheme with 2 hosts which can change IP and have no domain name. They should be able to connect to each other (the initiator of the "client connection" can be either one), something like this example:
connectTo('123.123.123.123:8000');

It is possible to exchange keys / certificates in advance.

Is this possible using TLS?

And how does one adequately and safely use regular sockets and encrypt the content? (something like this: https://stackoverflow.com/questions/22738754/node-...

2 Answers

Yes, it is, of course, possible.
The server certificate is verified by your client application. For this you can define your own function to validate the certificate via options.checkServerIdentity():
https://nodejs.org/api/tls.html#tls_tls_checkserve...

Usually in such cases one verifies neither the name nor the chain of trust, but just the server certificate hash (fingerprint or fingerprint256), and any good self-signed certificate will do; this is much safer and more reliable than trusting a root CA. In applications this technique is usually called certificate pinning.
In principle, why TLS here, if both servers are yours?
You can just give each server the same "salt" and "key".
And using any cryptographically strong functions, immediately begin transmitting data between them.
From time to time, change the salt-key pair.