Jump to content
Frequently Asked Questions
  • Are you not able to open the client? Try following our getting started guide
  • Still not working? Try downloading and running JarFix
  • Help! My bot doesn't do anything! Enable fresh start in client settings and restart the client
  • How to purchase with PayPal/OSRS/Crypto gold? You can purchase vouchers from other users
  • Try asking for help in the chatbox
  • Question about encryption and storing data in Java


    una_maquina
     Share

    Recommended Posts

    Hey! I got a bit of problem. I've ported my code to Java and everything's cool; got RSA authentication process completed, but now I wanna establish a private AES encryption key with every new client that has authenticated.

    My thought process on how to achieve this is: I'll need to profile my clients, I'll need to store their socket, address, and encryption key. So how do I achieve this? In Python there's dictionaries. But in Java I have no idea how to do it.

    Hopefully this is clear of what I wanna achieve. I want a way to profile my connected clients; how do I store data about them? Also information on how do I remove it once the client has disconnected would be useful too.

    Link to comment
    Share on other sites

    Quote

    My thought process on how to achieve this is: I'll need to profile my clients, I'll need to store their socket, address, and encryption key. So how do I achieve this? In Python there's dictionaries. But in Java I have no idea how to do it.

    You are probably looking for a Map
    https://docs.oracle.com/javase/8/docs/api/java/util/Map.html
     

    If you're going to deal with multiple sockets you are gonna need to use multiple threads so you might want to use a Hashtable or ConcurrentHashMap (which both extend Map)

     

    Quote

    Hopefully this is clear of what I wanna achieve. I want a way to profile my connected clients; how do I store data about them? Also information on how do I remove it once the client has disconnected would be useful too.

    There's are multiple ways to use sockets in java, how are you handling it right now?

    Link to comment
    Share on other sites

    1 hour ago, Neffarion said:

    You are probably looking for a Map
    https://docs.oracle.com/javase/8/docs/api/java/util/Map.html
     

    If you're going to deal with multiple sockets you are gonna need to use multiple threads so you might want to use a Hashtable or ConcurrentHashMap (which both extend Map)

     

    There's are multiple ways to use sockets in java, how are you handling it right now?

    Thanks for the suggestion; I saw something about maps. However, it seems to be working fine like this (what do you think?): 

    1) I created public static ArrayList<String> clientsData = new ArrayList<String>();

    2) Then after authentication, Server.clientsData.add(clientSocket.toString()+" "+decryptedSharedAESKey);

    3) Then I have a method for receiving data which takes (Socket socket and boolean decryptAES) parameters. If decryptAES is true, I simply do this:

    int i = 0;
                    for(String client: clientsData) {
                        if(client.contains(socket.toString())){
                            one = clientsData.get(i);
                        }
                        i++;
                    }
                    String[] two = one.split(" ");
                    String AESkey = two[1];

    4) Finally I simply remove the socket and its encryption key from the clientsData array once an IO exception occurs.

     

    P.S. I am using multiple threads already, since yes, I want an asynchronious server. (I thread each client, and server listener is threaded too)

     

    Edited by una_maquina
    Link to comment
    Share on other sites

    38 minutes ago, Neffarion said:

    What you want is something maps excel at, your implementation while it may work is very inefficient
    You can just put the sockets and keys in the map and get the key with a simple map.get(socket)

    Got it, I'll look into maps, thanks

    EDIT: yup, it was fairly simple. public static Hashtable<Socket, String> clientsData = new Hashtable<Socket, String>();

    Edited by una_maquina
    Link to comment
    Share on other sites

    Omg, I didn't realize I can just use a private variable in the threads and store the AES key there. That's exactly what I did. But thank you for the maps suggestion, regardless, it's gonna be of a lot of use in the future.

    8Vn1Wzi.png

    This is the server and clients in action. Each connection has an unique AES key that it uses for communication.

    What you see here, on the left is a "boss" that can send messages, and on the right are "workers" who receive messages. All of them have different AES shared key that they use for encryption and decryption. To establish that shared AES key I've used 2048bits RSA public and private keys that the server generates on each start. Also used RSA and PBKDF2 hashing algorithm for authentication. (IDK why I'm sharing this, but maybe someone will get some value in the future)

     

    Link to comment
    Share on other sites

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
     Share

    ×
    ×
    • Create New...

    Important Information

    We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.