* fixing security issues by encryption

Signed-off-by: CubeBit <denis-seredenko@ukr.net>
2023-08-03 17:42:57 +02:00
parent 3b03b2258a
commit 3b6d18a83b
8 changed files with 74 additions and 19 deletions
--- a/client/src/main/java/org/orinprojects/client/Client.java
+++ b/client/src/main/java/org/orinprojects/client/Client.java
@@ -19,6 +19,8 @@ public class Client {

    static SecretKey aesKey;

+    static byte[] ivKey;
+
    public static void main(String[] args) throws Exception {
        Map<String, String> validatedArguments = getValidatedDataFromArguments(args);

@@ -50,7 +52,7 @@ public class Client {
                System.out.println("Wait for complete initialisation!");

            if (client.rsaReceived && client.aesReceived) {
-                String encryptedText = EncryptionUtil.encryptWithAES(inputText, aesKey);
+                String encryptedText = EncryptionUtil.encryptWithAES(inputText, aesKey, ivKey);
                client.out.println("TXT" + encryptedText);
                client.out.flush();
            }
--- a/client/src/main/java/org/orinprojects/client/ClientThread.java
+++ b/client/src/main/java/org/orinprojects/client/ClientThread.java
@@ -10,6 +10,7 @@ import java.io.IOException;
 import java.io.InputStreamReader;
 import java.io.PrintWriter;
 import java.net.Socket;
+import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
@@ -53,12 +54,18 @@ public class ClientThread implements Runnable {
                    continue;
                }

+                if (prefix.equals("IVK")) {
+                    String decryptedIVKey = EncryptionUtil.decryptWithRSA(restMessage, Client.keys.getPrivate());
+                    Client.ivKey = EncryptionUtil.ivKeyFromString(decryptedIVKey);
+                    continue;
+                }
+
                if (prefix.equals("TXT") && aesReceived && rsaReceived) {
-                    String decryptedMessage = EncryptionUtil.decryptWithAES(restMessage, Client.aesKey);
+                    String decryptedMessage = EncryptionUtil.decryptWithAES(restMessage, Client.aesKey, Client.ivKey);
                    System.out.println(decryptedMessage);
                }
            } catch (NoSuchPaddingException | IllegalBlockSizeException | IOException | NoSuchAlgorithmException |
-                     InvalidKeySpecException | BadPaddingException | InvalidKeyException e) {
+                     InvalidKeySpecException | BadPaddingException | InvalidKeyException | InvalidAlgorithmParameterException e) {
                System.out.println("Disconnected from server!");
                System.exit(-1);
                closeAllConnections(clientSocket, in, out);