Data Encryption and integrity check in the Socket development framework, and socket Data Encryption

Data Encryption and integrity check in the Socket development framework, and socket Data Encryption

The previous two articles introduced the design ideas of the Socket framework and the content of data transmission. The guiding principle of the design of the entire framework is that it is easy to use and secure, it can be used for secure data transmission from the client to the server. To achieve this goal, we need to design transmission of good news and data encryption. This article describes how to use the Socket transmission protocol to process data encryption and data integrity verification. Data Encryption can be achieved through RSA asymmetric encryption, we can verify and compare the MD5 data of the transmitted content.

1. Socket framework transmission Content Analysis

The Socket protocol is described earlier. Apart from the start and end identifiers, the entire content is a JSON string. This format is as follows.

In the above message content, we can extract a complete Socket message by starting and ending the identification bit, so that we can obtain the corresponding entity class by serial number of the JSON content, the content of the object class is defined as follows.

We divide a message object into a Request message object and a Response message object. They correspond to a Request message and a Response message, that is, an initiate message and a Response message. Here, "The JSON content carried is the JSON string of another transmission object. In this way, we use this string to transmit information of different objects and construct a common message object.

In addition, these transmitted message objects can inherit from the base class of an entity class to facilitate unified processing of them, as shown in, it is a common message object BaseMessage and the object Relation Diagram of the JSON content. For example, AuthRequest is a login verification request and AuthorRepsonse is a response to login verification.

Using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider () {this. RSAPublicKey = rsa. toXmlString (false); // Public Key this. rsw.vatekey = rsa. toXmlString (true); // Private Key}

For example, on the server side, after the client Socket is successfully connected, we send a public key request message to the corresponding client, as shown in the following code.

/// <Summary> /// process after Client Connection (for example, sending a Public Key key) /// </summary> /// <param name = "client"> connect to the client </param> protected override void OnAfterClientConnected (ClientOfShop client) {// first record the public key of the server, private key client. rsw.vatekey = Portal. gc. rsw.vatekey; client. RSAPublicKey = Portal. gc. RSAPublicKey; // send a Public Key Exchange command var request = new RsaKeyRequest (Portal. gc. RSAPublicKey); var data = request. packData (); client. sendData (data); Thread. sleep (100 );}

After receiving the message from the server, the client determines the message type. If it is a public key request, we need to respond and send our public key to the server, otherwise, other services will be processed.

/// <Summary> /// rewrite the processing of the read message /// </summary> /// <param name = "message"> obtain the complete Socket message object </param> protected override void OnMessageReceived (BaseMessage message) {if (message. msgType = DataTypeKey. RSARequest) {var info = JsonTools. deserializeObject <RsaKeyRequest> (message. content); if (info! = Null) {// record the other party's public key to the Socket object. this. PeerRSAPublicKey = Portal. gc. UseRSAEncrypt? Info. RSAPublicKey: ""; Console. writeLine ("use RAS encryption: {0}, get the encrypted Public Key: {1}", Portal. gc. useRSAEncrypt, info. RSAPublicKey); // The public key request responds to var publicKey = Portal. gc. useRSAEncrypt? Portal. gc. RSAPublicKey: ""; var data = new RsaKeyResponse (publicKey); // return the Public Key var msg = data of the client. packData (message); SendData (msg); Thread. sleep (100); // pause} else {// submit it to the business message processing process this. messageReceiver. appendMessage (message); this. messageReceiver. check ();}}

After successful exchange, we can process subsequent messages through RSA asymmetric encryption, as shown in the following code.

data.Content = RSASecurityHelper.RSAEncrypt(this.PeerRSAPublicKey, data.Content);

The message decryption is the inverse process of the above Code, as shown below.

message.Content = RSASecurityHelper.RSADecrypt(this.RSAPrivateKey, message.Content);

Finally, we make the encrypted content into a Socket message to be sent, including the start and end identifier, as shown below.

// Convert it to JSON format and assemble it into the sending protocol format var json = JsonTools. objectToJson (data); toSendData = string. format ("{0} {1} {2}", (char) this. startByte, json, (char) this. endByte );

This is the content of the message to be sent. we can intercept the content and see the approximate content as follows.

The content in the red box above can be decrypted only by using the original private key, that is, on the network, the user is intercepted and cannot be unlocked, ensuring data security.

 

3. Data Integrity check

Data Integrity: we can compare the MD5 value of the message content to check whether the content has been tampered with. However, if asymmetric encryption is used, this integrity check can also be ignored, however, we can keep it as a check.

Therefore, when encapsulating data, the MD5 value of part of the content is calculated as follows.

Data. MD5 = MD5Util. GetMD5_32 (data. Content); // obtain the MD5 value of the Content

After obtaining the message and decrypting it (if any), calculate the MD5 value on the server and compare it with the passed MD5 value, if they are consistent, it indicates that they have not been tampered with, as shown in the following code.

Var md5 = MD5Util. getMD5_32 (message. content); if (md5 = message. MD5) {OnMessageReceived (message); // overload the subclass} else {Log. writeInfo (string. format ("received a modified message: \ r \ n {0}", message. content ));}

 

The above is the process of asymmetric data encryption and data integrity verification in the Socket development framework.