To learn the client-server communication, a practical approach is to setup the connection between an iOS device (Client) and a Raspberry Pi (Server):
Client: iOS device with app developed in Swift
Server: Raspberry Pi with socket server programmed in Python
Requirements
1. Setup a Raspberry Pi
2. Mac + Xcode + iPhone/iPad
===============
The three sections below will explain how to:
1. Setup the basic client-server socket communication architecture.
2. Encrypt/decrypt a message with RSA public/private keys.
3. Combine sections 1 and 2 to setup the secure socket communication.
1. Basic Socket Communication
The basic form of client-server communication between an iPhone/iPad and a Python socket server built on a Raspberry Pi is shown in this tutorial:
Connect an iPhone to a Simple Python Socket Server (Raspberry Pi Part) (iOS Part)
The above tutorial must be fully understood, because it is the basis for the tutorials in the 3. Secure Socket Communication section.
2. RSA
The data transmitted between the client and the server in the above example are not encrypted and hence are insecure. Therefore, using RSA (Rivest-Shamir-Adleman) cryptosystem for secure communications is a good topic to be studied for understanding asymmetric public-private key cryptosystem.
All examples below follow this procedure:
1. Generate or obtain an RSA private and public key pair.
2. Encrypt a message with the public key.
3. Decrypt the encrypted message with the private key.
2.1 Basic OpenSSL commands
In order to understand how to use RSA keys for encryption/decryption, try the basic OpenSSL RSA commands:
OpenSSL RSA commands to encrypt/decrypt a message in terminal (Raspberry Pi and Mac)
You should notice that RSA uses different keys of the same key pair for encrypting and decrypting a message. This is known as asymmetric since different keys are used.
Now let's start programming with RSA keys!!
2.2 Importing External RSA keys
Here are Python (Raspberry Pi) and Swift (iOS) examples showing how to import external OpenSSL-generated RSA keys in PEM file format:
Encrypt/decrypt a string with external public/private keys (Raspberry Pi Part) (iOS Part)
2.3 Using Code-generatd RSA keys
External RSA key files are fixed. If different key pairs are required while the program is running, try to generate keys in Python/Swift code:
Encrypt/decrypt a string with code-generated public/private keys (Raspberry Pi Part) (iOS Part)
Now let's move on to implement code-generated RSA keys in the client-server architecture.
3. Secure Socket Communication
Remember that:
Client: iOS device with app developed in Swift
Server: Raspberry Pi with socket server programmed in Python
There are two tutorials in this section. Both of them will explain how to transmit an encrypted message between a client and a server. The difference between the two tutorials is the opposite direction of data transmission. The principle of sending encrypted message is as below:
1. The receiving device generates an RSA private-public key pair and sends the public key to the transmitting device.
2. The transmitting device encrypts a message using the public key provided by the receiving device and sends the encrypted message to the receiving device.
3. The receiving device decrypts the encrypted message from the transmitting device using the private key.
The two tutorials with different directions of transmitting encrypted data are as below:
1. From iOS device to Python socket server (Raspberry Pi Part) (iOS Part)
2. From Python socket server to iOS device (Raspberry Pi Part) (iOS Part)
Or in terms of encrypt/decrypt in Python/Swift programming languages:
1. Encrypt in Swift and decrypt in Python (Raspberry Pi Part) (iOS Part)
2. Encrypt in Python and decrypt in Swift (Raspberry Pi Part) (iOS Part)
Note:
For Tutorial 2. Encrypt in Python and decrypt in Swift (iOS Part), you need to understand how to manage the iOS keychain in this tutorial:
Store/Retrieve/Delete RSA public/private keys with keychain (iOS Swift)
More Information:
Crypto 101 ebook (pdf)
No comments:
Post a Comment