Game Protocol Encryption and Authentication


Time is fleeting and gone in the blink of an eye. I intended to post this in February, and it has ended up going out on what amounts to February 31st ...

I had been interested in this area for a while, and in February I finally got the chance to work on it. My predecessors left me with the following framework for authentication:

    1. The client connects to the server
    2. The server sends a random number to the client
    3. The client encrypts it with the client private key and sends it back to the server
    4. The server decrypts the ciphertext with the client public key and checks whether the result is the same as the original random number
    5. If they match, the client sends a random number to the server. The server encrypts it with the server-side private key and sends the ciphertext to the client. The server also generates a new random number to be used as the RC4 key for the rest of the session, encrypts it with the client public key, and sends it to the client.
    6. The client decrypts the ciphertext with the server-side public key and compares it with the random number it sent. If they match, it uses the client private key to decrypt the next packet and takes out the key used for RC4 encryption
    7. At this point, authentication of both sides is complete. Session data is first compressed and then encrypted with the RC4 algorithm

Here, the private key acts as the mark of identity: whoever holds the private key is believed to be a trusted client. Some may ask, what if the client is cracked? I think a security expert made a good point: "The essence of security is the question of trust. To design any security scheme, one must eventually have something that is 'supposed to be trusted', and then just look at the probability of this 'trustworthy' thing being successfully attacked. If you do not do this, you do not have any security scheme." Therefore, when considering the security of the protocol, we can only choose to believe that the client key is kept safe.

Look back at this scheme, in which the private key is used for encryption. Readers familiar with SSH will be reminded of its challenge process, in which the SSH server encrypts a random number with the client public key and then sends it to the client. The difference between public-key and private-key encryption is that, for the same plaintext, the ciphertext produced with the public key is different every time, while the ciphertext produced with the private key is the same every time. Sample code can be found at https://github.com/spin6lock/rsa_encrypt_and_decrypt_in_c. Because ciphertext and plaintext always map to each other, the scheme is prone to collision attacks that bypass the encryption process. Private-key encryption is therefore used for authentication, as in the digital signature of an e-mail: the message is first digested with MD5, and the digest is then encrypted with the private key. Because the public key is public, anyone who sees the message can decrypt the signature, obtain the MD5 digest and verify it, which ensures that the message has not been tampered with.

So it took me about a week to revise the verification process. The new verification process is as follows:

    1. The client connects to the server
    2. The server encrypts the random number with the client public key and sends it to the client
    3. The client decrypts it with the client private key and sends it back to the server
    4. The server compares it with the random number and disconnects if they differ
    5. The client encrypts a random number with the server-side public key and sends it to the server
    6. The server decrypts it with the private key and sends it back to the client
    7. Authentication passes on the client side
    8. The server encrypts the key used by the RC4 session with the client public key and sends it to the client
    9. The client decrypts it with the public key, and upstream traffic is then sent under RC4 encryption.
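
An added example (not from the original article or the linked repository) of the difference described above, assuming PKCS#1 v1.5 padding: the private-key operation pads with fixed 0xFF bytes, so its output repeats, while public-key encryption pads with random bytes, so it does not. It also runs steps 2-4 of the revised flow. The pure-Python RSA, the toy key and all function names are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed toy key (two Mersenne primes, 234-bit modulus); illustration only.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

def pad(msg, block_type):
    """PKCS#1 v1.5 block: 00 || BT || PS || 00 || msg, as an integer."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    if block_type == 1:  # private-key operation: fixed 0xFF padding
        ps = b"\xff" * ps_len
    else:                # public-key encryption: random non-zero padding
        ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))
    return int.from_bytes(bytes([0, block_type]) + ps + b"\x00" + msg, "big")

def unpad(value, block_type):
    em = value.to_bytes(K, "big")
    sep = em.find(b"\x00", 2)  # first zero byte after the padding string
    if em[0] != 0 or em[1] != block_type or sep < 10:
        raise ValueError("bad padding")
    return em[sep + 1:]

def private_encrypt(msg):  # old flow, step 3
    return pow(pad(msg, 1), D, N)
def public_decrypt(ct):    # old flow, step 4
    return unpad(pow(ct, E, N), 1)
def public_encrypt(msg):   # revised flow, step 2
    return pow(pad(msg, 2), E, N)
def private_decrypt(ct):   # revised flow, step 3
    return unpad(pow(ct, D, N), 2)

def ciphertexts_repeat(encrypt, msg=b"same-nonce"):
    """True if encrypting the same plaintext twice gives the same ciphertext."""
    return encrypt(msg) == encrypt(msg)

def revised_client_check(client_answer):
    """Server side of revised steps 2-4: challenge, collect answer, compare."""
    nonce = secrets.token_bytes(16)
    challenge = public_encrypt(nonce)
    return hmac.compare_digest(client_answer(challenge), nonce)

if __name__ == "__main__":
    print("private-key ciphertext repeats:", ciphertexts_repeat(private_encrypt))
    print("public-key ciphertext repeats: ", ciphertexts_repeat(public_encrypt))
```

Passing `private_decrypt` to `revised_client_check` plays the client that holds the private key; any callable that cannot recover the nonce fails the comparison in step 4.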

Next, we want to optimize the protocol for the working characteristics of the mobile network module. Because a mobile phone is limited by its battery, the network chip follows a speed curve of start-up, half speed, full speed, half speed and device standby. If packets can be batched at the application layer before being sent, the phone's standby time can be greatly improved; see this development guide. Protocol compression will be covered in the next article.

Reprinted from: http://www.cnblogs.com/Lifehacker/p/mobile_game_protocol_encrypt_and_authentication.html. Thanks to the original author for bringing us such an excellent article.
