How to make an encrypted channel between 2 apps?


Warning: count(): Parameter must be an array or an object that implements Countable in /home/styllloz/public_html/qa-theme/donut-theme/qa-donut-layer.php on line 274
0 like 0 dislike
35 views
Have 2 app (node.js in my case) between which I want to install an encrypted channel and exchange messages.

This almost completely solved the TLS and client authentication. For example something like this: https://gist.github.com/pcan/e384fcad2a83e3ce20f9a... .

However, there is a problem:

This approach involves the creation of a server certificate that is bound to a domain name:
Specify server Common Name, like 'localhost' or 'server.localhost'. The client will verify this, so make sure you have a vaild DNS name for this.


And I would like to avoid binding conditional server in this case does not and cannot have any domain name or a static IP.

So I want to get a circuit where there are 2 host which can change IP and no domain name. And they should be able to connect to each other (the initiator of the"customer connection" can be any) something like this example:
connectTo('123.123.123.123:8000');

While it is possible in advance to exchange keys / certificates.

If this is possible using TLS?

And how to adequately and safely use regular sockets and encrypt the content? (something like this https://stackoverflow.com/questions/22738754/node-...
by | 35 views

2 Answers

0 like 0 dislike
Yes, it is, of course, possible.
The server certificate will verify your client application. With this you can define a function to validate the certificate through the options.checkServerIdentity()
\rhttps://nodejs.org/api/tls.html#tls_tls_checkserve...

Usually in such cases has not verified the name and not the chain of trust, but just the server certificate hash (fingerprint or fingerprint256 ) and any good brand self-signed certificate, and it is much safer and more reliable than trust to the root CA. This technique in applications, usually called Certificate pinning.
by
0 like 0 dislike
In principle - than TLS here, if the two serv - your.
You can just give each server the same "salt" and "key".
And using any cryptographically strong functions immediately begin to transmit data between them.
From time to time - keep a few salt-key.
by

Related questions

0 like 0 dislike
2 answers
Curl 7.29 works with tls v1.2?
asked May 21, 2019 by hovdev
0 like 0 dislike
1 answer
RSA in Java How to restore the key and encrypted data created in Python?
asked Apr 13, 2019 by kosyachniy
0 like 0 dislike
1 answer
Configure asterik 15 + PJSIP + TLS?
asked Jun 8, 2019 by dronmaxman

Most popular tags

javascript php css html jquery wordpress python linux web-development mysql android windows java layout c# computer-networks node.js cpp iron yii vue.js 1C-Bitrix react laravel django nginx system-administration search-engine-optimization api ubuntu the-it-education. ajax sql programming hosting cms design apache google-chrome bootstrap Vkontakte macos google network-administration git laptops algorithms regular-expressions unity-game-engine email angular database network-equipment software wooсommerce debian .net ios information-security video law-in-it browsers books parsing wi-fi game-development career htaccess postgresql telegram mikrotik mobile-development ruby-on-rails the-domain-name-system modx Yandex c json opencart Habr freelance vpn asp.net windows-server symfony bots hard-drives math qt DIY audio frontend payment-system bash electronics gulp.js user-interface docker online-shopping
110,608 questions
257,187 answers
0 comments
40,796 users