Rich Lundeen
Introduction
This paper is the report of an exercise in socket programming and encryption. The objectives of this project were as follows:
● To create two programs, a client and a server
● The server broadcasts its public key to all who connect
● A client attaches to the server and exchanges a session key using public key encryption
● A message is passed between the client and the server encrypted with a symmetric key
There are weaknesses in this scheme. There is no real authentication to speak of. On the other hand, something like this could be considered useful, especially if the server's public key were verified with a fingerprint locally. It would also be fairly trivial to extend the already trivial program so that it authenticates with a special and specific CA. There are many similarities between this scheme and how SSL or other "real" cryptographic techniques work. Many times, public key encryption is only used to transfer a key to be used with symmetric ciphers, which are computationally much faster. Not all source code is included here (although most of the interesting source code is). To view the complete source code, download it from http://webstersprodigy.net/media/code/networkproject.tar.gz.
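The local fingerprint check mentioned above, as an added example that is not part of the project's source code: the client hashes the public key it receives and compares it with a stored fingerprint before wrapping the session key. The function names, the encoding that is hashed, and the toy Mersenne-prime keys are assumptions, and the RSA is unpadded textbook RSA for illustration only.

```python
import hashlib
import hmac
import secrets

class PinMismatch(Exception):
    """Raised when the received public key is not the one pinned locally."""

def _enc(x: int) -> bytes:
    # Length-prefix each integer so different (n, e) pairs cannot hash alike.
    raw = x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")
    return len(raw).to_bytes(4, "big") + raw

def fingerprint(pub: tuple) -> str:
    """SHA-256 fingerprint of an RSA public key (n, e); encoding is an assumption."""
    n, e = pub
    return hashlib.sha256(_enc(n) + _enc(e)).hexdigest()

def wrap_session_key(received_pub: tuple, pinned_fp: str, session_key: bytes) -> int:
    """Client side: refuse to send the session key unless the key matches the pin."""
    if not hmac.compare_digest(fingerprint(received_pub), pinned_fp):
        raise PinMismatch("server public key does not match pinned fingerprint")
    n, e = received_pub
    m = int.from_bytes(session_key, "big")
    if m >= n:
        raise ValueError("session key does not fit under the modulus")
    return pow(m, e, n)  # textbook RSA, no padding: illustration only

def unwrap_session_key(ciphertext: int, d: int, n: int, length: int) -> bytes:
    """Server side: recover the session key with the private exponent."""
    return pow(ciphertext, d, n).to_bytes(length, "big")

# Constructed toy keys built from Mersenne primes; far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
SERVER_PUB = (P * Q, E)
SERVER_D = pow(E, -1, (P - 1) * (Q - 1))
OTHER_PUB = ((2**107 - 1) * (2**127 - 1), E)  # a key the client never pinned
PINNED_FP = fingerprint(SERVER_PUB)           # stored on the client ahead of time

if __name__ == "__main__":
    key = secrets.token_bytes(16)
    c = wrap_session_key(SERVER_PUB, PINNED_FP, key)
    assert unwrap_session_key(c, SERVER_D, SERVER_PUB[0], 16) == key
    try:
        wrap_session_key(OTHER_PUB, PINNED_FP, key)
    except PinMismatch as err:
        print("refused:", err)
```

The pin only helps if the fingerprint reaches the client over a channel other than the connection being checked.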
Specifications
For a socket API, I chose the Berkeley model since it seems to be the standard (although Java Sockets and Winsock are fairly popular as well, they resemble the Berkeley model). As a programming language I chose Python. At this level, efficiency was not nearly as important to me as readability and programming ease. I chose to implement RSA as the public key algorithm, and wanted to do this from scratch. I made the decision to write the cryptography algorithms from scratch anticipating that truly random numbers and big integers would provide important insight into some of the facets of cryptography, and I was not mistaken. I chose RSA (as opposed to other probably superior