Re: Your Message Sent on Tue, 9 Jun 1998 10:58:39 -0400

Jan Luehe (Jan.Luehe@Eng)
Tue, 9 Jun 1998 09:38:19 -0700 (PDT)

Date: Tue, 9 Jun 1998 09:38:19 -0700 (PDT)
From: Jan Luehe <Jan.Luehe@Eng>
Subject: Re: Your Message Sent on Tue, 9 Jun 1998 10:58:39 -0400
To: java-security@web2.javasoft.com, omar@yacht.ee.fit.edu

Omar:

> I am trying to write client and server programs in Java. The server
> encrypts some data and sends it to the client using the DES (data encryption
> standard) tool in JDK. And my question is this: Suppose that the client got
> the data and needs to decrypt it, then it needs the secret of session key and
> then the server has to send it to the client. Is there any way that I can use
> to export or import these keys (DES keys) or not possible. Your fast response
> will be appreciated. Thank you very much.

You should never send the secret key itself over the net.
Your server and client should execute the Diffie-Hellman
key exchange protocol, which allows them to independently
compute the same secret key, without exchanging any secret
information. The shared secret can then be used with any
secret key encryption algorithm (e.g., DES, Triple DES, etc.).

JCE 1.2 supplies an implementation of Diffie-Hellman between
2 or more parties.
Check out the JCE 1.2 user guide for more information and examples
on how to use Diffie-Hellman.

Jan
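
The two-party exchange described in the reply above, as an added example that is not part of the original message or of the JCE user guide: each side sends only its DH public key and derives the same session key locally. It assumes a current JDK, swaps AES-GCM in for the DES named in the message, hashes the raw shared secret with SHA-256 as its own key-derivation choice, and assumes the exchanged public keys are authenticated by other means; the class name is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.*;

public class DhSessionKeyDemo { // hypothetical class name, added example
    // Combine our private key with the peer's public key; SHA-256 (truncated) is this example's KDF choice.
    static SecretKey deriveKey(KeyPair own, byte[] peerPublic) throws GeneralSecurityException {
        PublicKey peer = KeyFactory.getInstance("DH").generatePublic(new X509EncodedKeySpec(peerPublic));
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(own.getPrivate());
        ka.doPhase(peer, true); // true: last phase in a two-party agreement
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(ka.generateSecret());
        return new SecretKeySpec(Arrays.copyOf(digest, 16), "AES");
    }

    public static void main(String[] args) throws Exception {
        // Server: generate a DH key pair; only the encoded public key goes on the wire.
        KeyPairGenerator serverGen = KeyPairGenerator.getInstance("DH");
        serverGen.initialize(2048);
        KeyPair server = serverGen.generateKeyPair();
        byte[] serverWire = server.getPublic().getEncoded();

        // Client: reuse the group parameters (p, g) carried in the server's public key.
        DHPublicKey serverPub = (DHPublicKey) KeyFactory.getInstance("DH")
                .generatePublic(new X509EncodedKeySpec(serverWire));
        KeyPairGenerator clientGen = KeyPairGenerator.getInstance("DH");
        clientGen.initialize(serverPub.getParams());
        KeyPair client = clientGen.generateKeyPair();
        byte[] clientWire = client.getPublic().getEncoded();

        // Both sides compute the session key independently; no secret was transmitted.
        SecretKey serverKey = deriveKey(server, clientWire);
        SecretKey clientKey = deriveKey(client, serverWire);
        if (!Arrays.equals(serverKey.getEncoded(), clientKey.getEncoded())) throw new IllegalStateException("key mismatch");
        // Server encrypts a constructed sample payload; client decrypts with its own copy of the key.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, serverKey, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal("constructed sample payload".getBytes(StandardCharsets.UTF_8));
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, clientKey, new GCMParameterSpec(128, iv));
        System.out.println(new String(dec.doFinal(ct), StandardCharsets.UTF_8));
    }
}
```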