In case anyone has an interest, I’ve posted a simple framework for building client-server stuff with encrypted payload.
Rationale “...I hope this simple outline will encourage others to explore using LC for client-server applications. LC is fun and provides a lot of power in a few lines of code. I am using pretty verbose code here which you can of course mod to your own style--hopefully I've made it easy for those new to LC or sockets in general to understand and incorporate some of these ideas. The use of a long term RSA secret means there is no mechanism here for PFS: Perfect Forward Security (better termed Imperfect Forward Security) What this means is that anyone who is recording your traffic could unlock all past communications if they somehow manage to acquire your secret RSA key and its password. So ya know, don't leave your keys on the countertop…" Description This is a simple LiveCode framework for creating a client and server that communicate over sockets using RSA to exchange a session based symmetric key and using AES to encrypt subsequent traffic--capabilities that LiveCode provides built-in. Additionally you will likely want to use strong HASH or HMACs with your app for authentication and again LiveCode provides. Location monkey button software dot com downloads https://www.monkeybuttonsoftware.com/monkey_button_downloads/ <https://www.monkeybuttonsoftware.com/monkey_button_downloads/> Please feel free to write me directly if you have any questions/suggestions or find glaring holes—hopefully I didn’t make too many mistakes Mark _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode