Connection setup
To initiate a secure socket connection to a remote server, we must carry out the following steps:
- Create a SecureRandom, a source of secure random numbers. Secure random numbers are numbers that are random enough that they will not make the encryption vulnerable to attack.
- Create a KeyStore object containing the remote server's public key. This is read from server.public.
- Create a KeyStore object containing the client's public/private key pair, including its public key certificate. This is read from client.private.
- Create a TrustManagerFactory from the remote server's KeyStore. This is used to authenticate the remote server.
- Create a KeyManagerFactory from the client's KeyStore. This is used for encrypting and decrypting data.
- Create an SSLContext object, using the KeyManagerFactory, the TrustManagerFactory, and the SecureRandom.
- Use the SSLContext to create an SSLSocketFactory.
- Use the SSLSocketFactory to create an SSLSocket, which acts just like a regular Socket, except that it is secure.
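The steps above, carried through in order as an added example (not code from the original tutorial). The class name SecureClientSetup, the "JKS" store type, the host and port arguments, the password prompts, and the use of one password for both the client keystore and its private key are assumptions; it also turns on hostname checking, which the steps do not mention and which requires the server certificate to name the host.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.*;

public class SecureClientSetup {
    // Load a keystore file from disk; "JKS" is an assumed store type.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    static SSLSocket connect(String host, int port, char[] serverPw, char[] clientPw) throws Exception {
        SecureRandom random = new SecureRandom();                     // step 1
        KeyStore serverKeyStore = load("server.public", serverPw);    // step 2
        KeyStore clientKeyStore = load("client.private", clientPw);   // step 3

        // Step 4: only certificates in server.public are trusted for this context.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(serverKeyStore);
        // Step 5: hands the client's key pair and certificate to the handshake.
        // Assumes the private key password equals the keystore password.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeyStore, clientPw);

        SSLContext ctx = SSLContext.getInstance("TLS");               // step 6
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), random);
        SSLSocketFactory factory = ctx.getSocketFactory();            // step 7
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port); // step 8

        // Not in the steps above: a plain SSLSocket does not compare the
        // certificate's name with the host unless this is set.
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        socket.startHandshake();   // throws SSLHandshakeException if the server is not trusted
        return socket;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();   // null when there is no interactive terminal
        if (console == null) throw new IllegalStateException("run from an interactive terminal");
        char[] serverPw = console.readPassword("server.public password: ");
        char[] clientPw = console.readPassword("client.private password: ");
        try (SSLSocket s = connect(args[0], Integer.parseInt(args[1]), serverPw, clientPw)) {
            System.out.println(s.getSession().getProtocol() + " / " + s.getSession().getCipherSuite());
        }
    }
}
```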