I have data which I need to send to a server and get back some data from the server securely. The client has the RSA public key and the server has the RSA private key. So I am generating a random key for an AES-128/CBC cipher and encrypting my data using this cipher. The key is encrypted using the RSA public key and decrypted at the server end, so both the client and server can communicate for the session.
Now, I have a requirement where I need to do this in an offline fashion. The encrypted request will be sent to the server administrator and he will generate the encrypted response. The symmetric key should not be stored on disk for later usage. So, how will the server administrator share his symmetric key with the client?
Perhaps by creating one more key pair, in which case the client will have the private key (in addition to the public key which it already has) and the server will have a public key.
But is that secure?
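
The exchange described in the question, written out as an added example that is not part of the original post. It uses Ruby's standard `openssl` library; the OAEP padding for the RSA step, the 2048-bit key size, the `seal`/`unseal`/`exchange` names and the sample strings are assumptions made for this illustration.

```ruby
require "openssl"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING # assumed padding; the post does not name one

# AES-128/CBC with a fresh random IV per message. Returns IV || ciphertext.
# CBC by itself gives confidentiality only; it does not detect tampering.
def seal(key, plaintext)
  c = OpenSSL::Cipher.new("aes-128-cbc").encrypt
  c.key = key
  iv = c.random_iv
  iv + c.update(plaintext) + c.final
end

# Splits off the 16-byte IV and decrypts the rest with the same session key.
def unseal(key, message)
  d = OpenSSL::Cipher.new("aes-128-cbc").decrypt
  d.key = key
  d.iv = message.byteslice(0, 16)
  body = message.byteslice(16, message.bytesize)
  (d.update(body) + d.final).force_encoding("UTF-8")
end

# Plays both sides of one request/response round in a single process.
def exchange(request, response)
  server_rsa = OpenSSL::PKey::RSA.new(2048) # private key: server only
  server_pub = server_rsa.public_key        # public half: what the client holds

  # Client: random session key, wrapped under the server's public key.
  session_key = OpenSSL::Random.random_bytes(16)
  wrapped_key = server_pub.public_encrypt(session_key, OAEP)
  enc_request = seal(session_key, request)

  # Server: unwrap the session key, read the request, answer under the same key.
  unwrapped = server_rsa.private_decrypt(wrapped_key, OAEP)
  server_saw = unseal(unwrapped, enc_request)
  enc_response = seal(unwrapped, response)

  # Client: the response is readable only by a party that still holds session_key.
  { server_saw: server_saw,
    client_saw: unseal(session_key, enc_response),
    wrapped_key_bytes: wrapped_key.bytesize }
end

p exchange("constructed request", "constructed response") if __FILE__ == $PROGRAM_NAME
```
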