network communication encryption in java

Question

A friend and me are working on a Java Game with a client/server - architecture. It is working well, but i ran into a problem. We use TCP Sockets for networking between server and client. Our network protocol isnt encrypted and can just be read by anone who bothers to watch the stream.

We thought about how we could apply some kind of cryptography to it to hide login information and prevent people to write their own clients. But basic things like adding/substracting bytes seems pretty easy to figure out.

What are the usual methods used to encrypt network communication for games( or at least game login information )? And having written the server and client in java, are there any useful java libraries?

Answer 1

Use public-key encryption (RSA for example) and implement something like the SSL Handshake, or of course use SSL - here you can see an example.

Here's a simplified sequence:

• the server sends his public RSA key to the client
• the client generates a symmetric key (using AES for example)
• the client encrypts the symmetric key with the server's public key and sends it to the server
• the server decrypts the received symmetric key

Now both the client and the server have a key which no one eavesdropping can know. Then use that key to encrypt all data.

Answer 2

SSL(Secure Sockets Layer) is popular to handle this kind of problem.