Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Strength of RSA Encrypting an AES Key

I'm currently developing a system to transmit data between client and server, and was wondering what the strength of the encryption I planned to use was.

My thought was to have a private/public RSA key pair and hand out the public key to each client (leaving the private key solely on the server). Each client would then generate their own AES key and RSA encrypt it. They would then AES encrypt their data and send the encrypted data and encrypted AES key to the server. The server would then decrypt the AES key using the private key, and then decrypt the data using the AES key.

Are there any security flaws I am missing and/or is there a better way to do this?

like image 608
user201117 Avatar asked Dec 03 '22 07:12

user201117


1 Answers

This is almost exactly how SSL/TLS works (check out the handshake section). The only thing to make it stronger is to generate the AES key for each connection, rather than using the same key each time. You might also want to digitally sign messages that go back and forth to avoid man-in-the-middle and other spoofing attacks.

Generally speaking, creating a good cryptosystem is very difficult. When possible, you should always favor an existing (trusted) application to help out. In this case, you might consider sending your messages using HTTPS, rather than creating your own system.

like image 138
jheddings Avatar answered Dec 18 '22 07:12

jheddings