Menu
I have an application that is going to start an ad-hoc web server to serve a web application (available only via the local wifi network) with front end/backend communication via SignalR. This will be set up on random computers so SSL will not be available but both sides of the communication can easily share a password out-of-band.
We cannot assume that there will not be malicious actors on the wifi network (in fact, this will be used in schools and I would hate for a smart kid to "hack" it with some very basic network snooping and get expelled).
Without ssl, I would like to do is go old-school and have the person on each end input a passphrase, and then use that passphrase to encrypt all communication between the client and the server. I'm happy to use AES, or any established symmetric encryption algorithm.
The issue that I'm having is that I have no clue how to plug that into SignalR. Specifically, given I have c#/javascript encrypt(str, key) and decrypt(str, key) functions - how do I tell SignalR to use these at both the client and the server endpoints to encrypt/decrypt messages?
To clarify as there seems to be some confusion; sharing keys is not a problem in this case, integrating whatever encryption/decryption scheme I come up with into SignalR is. Any help is appreciated
644
I don't think you have to have SignalR actually do anything with encrypt/decrypt. You could let the client handle encryption/decryption with plain text routing information that can get the encrypted payload to where it needs to go.
190
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
