Flash & C# encryption

I am creating a TCP connect with Flash to a C# daemon.

Now I have come to the part of encryption... I know that Flash is decompilable and so not safe to store private keys on.

I need 2 way encryption because of the messages that have to be send back to the Flash client.

I h开发者_运维百科ave been thinking and googling, but cannot find a proper solution yet.

Anybody got an idea??

---

You'd usually use a hybrid encryption.

1. Client opens a session on the server, acquiring public key for an asymmetric encryption.
2. Client generates a key for a symmetric encryption, and sends this key to the server, encrypted with the public key previously acquired.
3. The rest of the communication is encrypted using a symmetric encryption with they key now known to both client and server.

greetz
back2dos

---

back2dos' solution will work (and be the easiest) if your connection is SSL/TLS.

If you are forced to use regular sockets (e.g., the server does not have an SSL certificate), then you'll need to do the same by hand. In this case, you'll need to use a Diffie-Hellman key exchange, which enables the creation of a shared secret that is not actually sent over the wire.

Again, if possible, use back2dos' solution. It's a lot easier.