I am working on a java project where I have to implement SSL-protokol on the server side. Well, this is the first time I will use SSL in my application, so I read a lot about ssl / tls, and now I want to implement something in java. I will implement this process using the JSSE API:
1) the client will connect to me
2) I will do authentication using my pubic key. I mean, I will send the public key to the client and the corresponding certificate
3) the client encrypts the secret key using my public key and RSA algorithm and sends it to me
I already have a private key and certificate stored on the keystore on my computer. Therefore, I hesitate to access them from my java application . I do not know what are the steps that need to be taken to eliminate them, since this is the first time I am faced with such things.
I am using SSLEngine . Therefore, I must first initialize the SSLContext with this code:
KeyStore ksKeys = KeyStore.getInstance("JKS");
ksKeys.load(new FileInputStream("/.../myKey"), passphrase);
KeyStore ksTrust = KeyStore.getInstance("JKS");
ksTrust.load(new FileInputStream("/../myCertificate"), passphrase);
sslContext = SSLContext.getInstance("TLS");
sslContext.init( kmf.getKeyManagers(), tmf.getTrustManagers(), null);
SSLEngine engine = sslContext.createSSLengine(hostname, port);
engine.setUseClientMode(true);
I am really new to crypthography and this is the first time I am programming this material. Any idea?
source
share