SSL with RMI question: Do I need certs?

Hi Experts,

I'm using SSL for secure RMI communication using SSLSockets and SSLServerSockets. In SSL handshaking, the authentication stage, which uses public-key cryptography, is optional. The public key is exchanged using certificates; these certs should be signed. I don't need to authenticate the server and don't want to have to get certs signed, so what then is the most secure/best way to implement SSL for RMI communication? How is the secret key for encryption shared between the client and server?

Cheers,
Cuchulan.
 
aozarov Commented:
If you want to disable authentication (and the requirement for signed keys), then you can select an anonymous cipher suite.
That will provide you a secure channel without identifying and authenticating the two sides.
There are many techniques to share private keys this way, like Diffie-Hellman: http://www.google.com/search?hl=en&q=cryptography+key+exchange
For an example of how to do that have a look at: http://www.javakb.com/Uwe/Forum.aspx/java-security/117/SSL-for-Java-without-keystores
and take the last message in that thread.
0
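The anonymous-suite setup described in the answer above, sketched as a pair of RMI socket factories. This is an added example, not code from the thread or from the linked post; the class names are hypothetical, and it assumes the JSSE provider still offers `_anon_` suites. Such suites encrypt the channel but authenticate neither side, so an active man-in-the-middle is not detected.

```java
import java.io.IOException;
import java.io.Serializable;
import java.net.ServerSocket;
import java.net.Socket;
import java.rmi.server.RMIClientSocketFactory;
import java.rmi.server.RMIServerSocketFactory;
import java.util.Arrays;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Added example (hypothetical names): RMI socket factories limited to anonymous suites. */
public final class AnonSslRmiFactories {
    /** Keep suites with anonymous key exchange, dropping no-encryption and export-grade ones. */
    static String[] anonSuites(String[] supported) throws IOException {
        String[] anon = Arrays.stream(supported)
                .filter(s -> s.contains("_anon_"))
                .filter(s -> !s.contains("_NULL_") && !s.contains("EXPORT"))
                .toArray(String[]::new);
        if (anon.length == 0) { // fail loudly rather than enable an empty suite list
            throw new IOException("JSSE provider offers no usable anonymous cipher suite");
        }
        return anon;
    }

    public static final class Server implements RMIServerSocketFactory {
        @Override public ServerSocket createServerSocket(int port) throws IOException {
            SSLServerSocket s = (SSLServerSocket)
                    SSLServerSocketFactory.getDefault().createServerSocket(port);
            s.setEnabledCipherSuites(anonSuites(s.getSupportedCipherSuites()));
            return s;
        }
        @Override public boolean equals(Object o) { return o instanceof Server; } // RMI compares factories
        @Override public int hashCode() { return Server.class.hashCode(); }
    }

    /** Serializable because RMI sends the client factory to callers inside the stub. */
    public static final class Client implements RMIClientSocketFactory, Serializable {
        private static final long serialVersionUID = 1L;
        @Override public Socket createSocket(String host, int port) throws IOException {
            SSLSocket s = (SSLSocket) SSLSocketFactory.getDefault().createSocket(host, port);
            s.setEnabledCipherSuites(anonSuites(s.getSupportedCipherSuites()));
            return s;
        }
        @Override public boolean equals(Object o) { return o instanceof Client; }
        @Override public int hashCode() { return Client.class.hashCode(); }
    }
}
```

The factories are passed to `UnicastRemoteObject.exportObject(obj, port, new AnonSslRmiFactories.Client(), new AnonSslRmiFactories.Server())`. Recent JDKs list `anon` in the `jdk.tls.disabledAlgorithms` security property, so on those runtimes these suites are not negotiated with the default settings.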
 
Cuchulan (Author) Commented:
Hi aozarov,

Forgot to award points for this.

Cheers.
0
 
aozarov Commented:
Thanks :-)
0
Question has a verified solution.
