Http with Encryption from Client to Server and Server to Client

Here is a scenario:

  1. Desktop application
  2. Installed from the web
  3. Needs to call a WCF webservice
  4. Transferred data needs to be encrypted from Client to Server and Server to Client

Is there a well understood solution for this that is:

  1. Secure
  2. Easy to manage and deploy

I guess what this comes down to firstly is whether https encryption happens in both directions... Does it? Or do you need mutual authentication for that?

Answers


HTTPS is what you're after - it does provide end-to-end encryption (client-to-server and server-to-client).

So long as you can generate and install a server certificate, and be sure that your clients 'trust' the issuing authority of your certificate, then you're good to go. Note that this is not mutual authentication - your clients know that they have contacted the correct server, but the server does not know who has contacted it.

It can offer mutual authentication through the use of client-side certificates, but I would argue that does not fall under the 'easy to deploy' requirement.


Try using HTTP over SSL


HTTPS works...

I was confusing Encryption with Authentication and they are two different things. Simple Https which is the most common only authenticates the server to the client which is sufficient in many cases. An additional step (where the client also has a certificate) can be required to authenticate the client to the server but this is not required. In both scenarios, data with Https is encrypted from both the server to the client and client to the server using a session key once the SSL handshake has been completed. This is all described here:

Description of the Secure Sockets Layer (SSL) Handshake


Need Your Help

Passing result of NSOperation to another NSOperation

ios swift ios9 nsoperation

I have two NSOperation that are responsible for Downloading, and Parsing. After the downloading operation is successful and I receive some NSData I want to then set that data as the data to be used...

Get all form tags with javascript/jQuery?

javascript jquery html

Is there any such function to get all form tags?