Client Stack for Ephemeral Keys Encrypted Socket Host
This version shows how to use the server chatroom(s) while maintaining the command-response style for other controls.
This stack makes use of tsNetGenerateKey which I think is a business edition feature. If any Indy users are interested in using this I would be happy to post the shell commands required-- just edit the genephemeralRSAkeys function to use shell to gen your keys--2048 bits is what the server is looking for.
Client Stack -- Requires Host Stack
This is a LiveCode framework for creating a client and server that communicate over sockets, using ephemeral RSA keys to exchange a per-client, per-session AES passphrase that encrypts the traffic.
What does this mean?
No long term key requirement for either server or client.
In practical terms this means that there is no single long-term key that could be compromised and used to decrypt all future (and recorded past) traffic between any client and the server -- hence, you are less of a target and the cost for any would-be hacker is high.
This framework is similar to TLS 1.3 in nature, but it is not TLS proper and is built specifically for LiveCode developers who want to use encrypted socket communication. RSA is perfectly usable where forward secrecy is required, but it does exact some CPU cost. For LC developers it's a simple matter to place the ephemeral key generation at the client level (many clients, few hosts) and keep server load to a minimum. On a ca. 2013 MacBook Pro, a 2048-bit RSA key pair takes about 200-300 ms to generate, sometimes 500 ms. Less on newer hardware, and worth the small extra time at client connection.
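The handshake the description outlines (client-generated ephemeral RSA key pair, host-issued per-session AES passphrase wrapped with that public key, AES for the traffic afterwards), driven with the openssl command line rather than the stack's LiveCode. This is an added example, not code from the stack or its author; it takes the shell route the author mentions for key generation, assumes openssl 1.1.1 or newer is on PATH, and the file names, function names and sample message are constructed for the demo.

```sh
#!/bin/sh
# Added example, not the stack's code: the ephemeral-RSA / per-session-AES handshake
# from the description, driven with the openssl CLI. Assumes openssl 1.1.1+ on PATH
# (needed for `enc -pbkdf2`). File names, function names and the sample message
# are constructed for this demo.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# --- client: fresh 2048-bit RSA key pair for this connection only ---------------
client_gen_ephemeral_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/client_priv.pem" 2>/dev/null
    # only the public half is sent to the host
    openssl pkey -in "$WORK/client_priv.pem" -pubout -out "$WORK/client_pub.pem"
}

# --- host: pick a random session passphrase, wrap it with the client's public key
server_issue_session_key() {
    # 256 bits of entropy, hex-encoded so it is a clean single-line passphrase
    openssl rand -hex 32 > "$WORK/server_session.txt"
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/client_pub.pem" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$WORK/server_session.txt" -out "$WORK/session.enc"
}

# --- client: unwrap the passphrase, then discard the private key ----------------
client_recover_session_key() {
    openssl pkeyutl -decrypt -inkey "$WORK/client_priv.pem" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$WORK/session.enc" -out "$WORK/client_session.txt"
    # nothing long-term survives the handshake: the key pair was for this session only
    rm -f "$WORK/client_priv.pem"
}

# --- traffic: AES-256-CBC under the shared passphrase ---------------------------
# $1 passphrase file, $2 input file, $3 output file
aes_send() { openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$1" -in "$2" -out "$3"; }
aes_recv() { openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$1" -in "$2" -out "$3"; }

# Full exchange; returns 0 only if the client decrypts exactly what the host sent.
run_handshake_demo() {
    client_gen_ephemeral_keys &&
    server_issue_session_key &&
    client_recover_session_key &&
    printf 'hello chatroom\n' > "$WORK/msg.txt" &&
    aes_send "$WORK/server_session.txt" "$WORK/msg.txt" "$WORK/msg.enc" &&
    aes_recv "$WORK/client_session.txt" "$WORK/msg.enc" "$WORK/msg.dec" &&
    cmp -s "$WORK/msg.txt" "$WORK/msg.dec"
}

run_handshake_demo && echo "session established; round trip ok"
```

Both sides finish holding the same passphrase without either having used a long-term key, which is the property the description emphasises, and the client discards its private key as soon as the passphrase is recovered, so a later compromise of the client cannot unwrap that session. Because nothing in this exchange is signed with a long-term credential, it provides confidentiality against passive capture but does not by itself tell the client which host it is talking to; how the host is identified is a separate decision for whoever deploys it.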
"A ship in harbor is safe, but that is not what ships are built for."
Mark Clark
28 Apr 2021