In case anyone has an interest, I’ve posted a simple framework for building 
client-server stuff with encrypted payload.

Rationale

“...I hope this simple outline will encourage others to explore using LC for 
client-server applications. LC is fun and provides a lot of power in a few 
lines of code. I am using pretty verbose code here which you can of course mod 
to your own style--hopefully I've made it easy for those new to LC or sockets 
in general to understand and incorporate some of these ideas.

The use of a long term RSA secret means there is no mechanism here for PFS: 
Perfect Forward Security (better termed Imperfect Forward Security).
What this means is that anyone who is recording your traffic could unlock all 
past communications if they somehow manage to acquire your secret RSA key and 
its password. So ya know, don't leave your keys on the countertop…"

Description

This is a simple LiveCode framework for creating a client and server that 
communicate over sockets using RSA to exchange a session based symmetric key 
and using AES to encrypt subsequent traffic--capabilities that LiveCode 
provides built-in. Additionally, you will likely want to use strong HASH or 
HMACs with your app for authentication, and again LiveCode provides them.

Location

monkey button software dot com downloads

https://www.monkeybuttonsoftware.com/monkey_button_downloads/

Please feel free to write me directly if you have any questions/suggestions or 
find glaring holes—hopefully I didn’t make too many mistakes.


Mark
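
The exchange outlined under Description (RSA to move a per-session symmetric key, AES for the traffic, an HMAC for authentication), shown with the OpenSSL command line as an added example. It is not code from the framework and not LiveCode; the file names, the `iv:ciphertext:tag` record layout and the sample message are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the framework's code. File names and the message are constructed.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
tohex()   { od -An -v -tx1 | tr -d ' \n'; }
enc_key() { head -c 32 "$1" | tohex; }   # first 32 bytes of the session secret: AES-256 key
mac_key() { tail -c 32 "$1" | tohex; }   # last 32 bytes: HMAC-SHA256 key
hmac()    { openssl dgst -sha256 -mac HMAC -macopt "hexkey:$1" -binary | tohex; }

# Server, once: the long-term RSA key pair.
server_keygen() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/server.key" 2>/dev/null
  openssl pkey -in "$WORK/server.key" -pubout -out "$WORK/server.pub"
}
# Client, per session: 64 fresh random bytes, wrapped with the server's public key (RSA-OAEP).
client_wrap() {
  openssl rand 64 > "$WORK/client.session"
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/server.pub" -pkeyopt rsa_padding_mode:oaep \
    -in "$WORK/client.session" -out "$WORK/wire.wrapped"
}
# Server: unwrap with the private key. Whoever later obtains server.key can do the same
# to a recorded wire.wrapped, which is the missing forward secrecy the post describes.
server_unwrap() {
  openssl pkeyutl -decrypt -inkey "$WORK/server.key" -pkeyopt rsa_padding_mode:oaep \
    -in "$WORK/wire.wrapped" -out "$WORK/server.session"
}
# seal SESSIONFILE TEXT -> "iv:base64(ciphertext):tag" (AES-256-CBC, then HMAC over iv:ciphertext)
seal() {
  iv=$(openssl rand -hex 16)
  ct=$(printf '%s' "$2" | openssl enc -aes-256-cbc -K "$(enc_key "$1")" -iv "$iv" | openssl base64 -A)
  printf '%s:%s:%s\n' "$iv" "$ct" "$(printf '%s' "$iv:$ct" | hmac "$(mac_key "$1")")"
}
# open_record SESSIONFILE RECORD -> plaintext; refuses to decrypt when the tag does not match.
# The string test below is not constant-time; production code should compare tags in constant time.
open_record() {
  iv=${2%%:*}; rest=${2#*:}; ct=${rest%%:*}; tag=${rest#*:}
  [ "$(printf '%s' "$iv:$ct" | hmac "$(mac_key "$1")")" = "$tag" ] || return 1
  printf '%s\n' "$ct" | openssl base64 -d -A | openssl enc -d -aes-256-cbc -K "$(enc_key "$1")" -iv "$iv"
}

server_keygen; client_wrap; server_unwrap
record=$(seal "$WORK/client.session" "hello from the client")
echo "on the wire:  $record"
echo "server reads: $(open_record "$WORK/server.session" "$record")"
```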
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com