
Re: Encrypt data between socket client and server


On 3/4/26 8:13 AM, gbWilly wrote:
Hi all,

Anyone have an example on how to set up encrypted communication between a socket server and a socket client? Currently data sent up and down can be caught by a network sniffer and seen in plain text. That's not what I want.

I have been staring at the different encrypting components but have no idea on how to start and what component to use.

I want:
Clients send data encrypted
Server accepts data and decrypts
Server sends answer encrypted
Client accepts data and decrypts
etc...

How to encrypt/decrypt the data?
How do both sides know what encryption to use?

It would be a plus if client authentication could use certificates (like with SSL) as that is an authentication framework I have up and running.

How to let Socket server and client use this manner of authentication?

This and more questions run through my head.

A simple example to get me started in the right direction would be great

gbWilly

GambOS <https://gambos.gambas.one/>
Gambas3 for Debian/Ubuntu <https://gitlab.com/gbWilly/gambas3-debian-repository>

*...there is always a Catch if things go wrong!*

I have to assume you cannot use an HTTPS server and client. If you could, that would likely simplify things a bit as the SSL framework is already there. Sorry, I don't have an example, but based on that assumption, here are my thoughts.

If you don't mind the non-sensitive portion of the payload being transmitted in clear text, you could set up a minimal communication protocol between a socket server and client after the manner of HTTP.

HTTP is quite simple and human readable. The messages sent are in plain text. Each line of the header is separated by a CrLf and the header section is delimited from the body by two CrLf's. Simple.

An example request header might look like this [1]:
GET /watch?v=8PoQpnlBXD0 HTTP/1.1
Host: www.youtube.com
Cookie: GPS=1; VISITOR_INFO1_LIVE=kOe2UTUyPmw; YSC=Jt6s9YVWMd4

The first line contains the HTTP method, the resource requested, and the HTTP version. The other two lines are individual headers. You would probably not have any need to send the first line.

Using the socket components, you can craft your request any way you like. Perhaps all you would need is one header, e.g.:
Encryption-Method: AES-256-CBC

Separate the header from the encrypted data with two CrLf's or whatever delimiter you choose to make Splitting easy. Then decrypt the data, act on it, and send the response. HTTP responses follow the same basic format.


[1] https://www.freecodecamp.org/news/what-is-http/#heading-how-to-create-http-requests


--
Lee

--- Gambas User List Netiquette [https://gambaswiki.org/wiki/doc/netiquette] ----
--- Gambas User List Archive [https://lists.gambas-basic.org/archive/user] ----
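
The framing Lee describes (header lines, two CrLf's, then the encrypted body), as an added example that is not part of the original message and is written in Python rather than Gambas. The Content-Length header, the size limits and the method allowlist are assumptions added here: a TCP socket delivers a byte stream, and ciphertext is binary and can itself contain the delimiter bytes, so the receiver needs a length to know where the body ends.

```python
# Added example: framing only. The body is treated as opaque ciphertext bytes.
DELIM = b"\r\n\r\n"                  # two CrLf's, as in the message above
ALLOWED_METHODS = {"AES-256-CBC"}    # what this endpoint accepts (assumed policy)
MAX_HEADER = 4096                    # assumed limits so a peer cannot make
MAX_BODY = 1 << 20                   # the receiver buffer without bound


def build_message(method: str, ciphertext: bytes) -> bytes:
    """Frame ciphertext behind the header block."""
    head = f"Encryption-Method: {method}\r\nContent-Length: {len(ciphertext)}"
    return head.encode("ascii") + DELIM + ciphertext


def parse_message(buf: bytes):
    """Return (method, ciphertext, rest), or None if more bytes are needed.

    Raises ValueError on a malformed or unacceptable message.
    """
    end = buf.find(DELIM)            # first delimiter only: the body is binary
    if end < 0 or end > MAX_HEADER:
        if len(buf) > MAX_HEADER:
            raise ValueError("header block too large")
        return None                  # header not fully received yet
    headers = {}
    for line in buf[:end].decode("ascii").split("\r\n"):
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    method = headers.get("encryption-method")
    if method not in ALLOWED_METHODS:
        raise ValueError("unsupported encryption method")
    length = int(headers.get("content-length", "-1"))
    if not 0 <= length <= MAX_BODY:
        raise ValueError("missing or invalid Content-Length")
    start = end + len(DELIM)
    if len(buf) < start + length:
        return None                  # body not fully received yet
    return method, buf[start:start + length], buf[start + length:]


if __name__ == "__main__":
    # Constructed sample body that contains the CrLfCrLf byte sequence.
    body = bytes([0x8F, 0x0D, 0x0A, 0x0D, 0x0A, 0x21])
    wire = build_message("AES-256-CBC", body)
    print(parse_message(wire[:20]))          # partial read
    print(parse_message(wire + b"next"))     # one full message plus extra bytes
```

The header travels in clear text and nothing in this framing protects it from modification in transit, which is why the receiver checks the method against its own allowlist instead of acting on whatever name arrives.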

