Overview
In this tutorial, we will create an SSL communication project in Android. We need SSL because attackers can use tools such as tcpdump and Wireshark to intercept packets on the network. With traditional socket programming, the data is transmitted as plain text without any encryption, which is a disaster if a user’s personal information is intercepted. SSL provides a mechanism to encrypt and decrypt the transmitted data in order to protect it.
Objective
In Android, traditional socket programming works the same way as in any other network program: a server runs continuously, listening for connections from clients, and a client initiates a connection to the server. To achieve secure socket programming, the first step is to generate keys and certificates for the server and the client. The remaining steps are the same as in traditional socket programming. In this project, we will learn how to set up secure socket communication in Android.
SSL Communication Diagram
Introduction
SSL public/private keys and certificates are needed to test SSL socket communication in this project.
1. On the server machine, create a private/public key pair and self-sign the public key into a certificate. All of this can be done with the "keytool" command (see below), which saves the key pair and the certificate in a "keystore" file. Export the self-signed certificate to the client.
2. On the client machine, import the certificate from the server into a "keystore" file.
3. On the server machine, write an SSL server socket test program and run it to listen for incoming SSL socket connection requests. The server test program must use the "keystore" created in step 1.
4. On the client machine, write an SSL client socket test program and run it to connect to the server machine. The client test program must be launched with the "keystore" file created in step 2 as a "trustStore". This is needed because the server's public key is self-signed and not trusted by default.
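The four steps above, run end to end in a single desktop JVM process, as an added example that is not code from the original tutorial. The file names, alias, password and the use of "localhost" are assumptions made for this sketch; on Android the stores are usually BKS files loaded from the app's resources instead.

```java
import java.io.*;
import java.security.KeyStore;
import javax.net.ssl.*;
// Added example. Assumed files (hypothetical names) created with keytool as in steps 1-2:
//   keytool -genkeypair -alias server -keyalg RSA -dname "CN=localhost" -ext san=dns:localhost
//           -keystore server.keystore -storepass changeit -keypass changeit
//   keytool -exportcert -alias server -keystore server.keystore -storepass changeit -file server.cer
//   keytool -importcert -noprompt -alias server -file server.cer -keystore client.truststore -storepass changeit
public class SslLoopbackDemo {
    static final char[] PASS = "changeit".toCharArray(); // constructed sample password

    static KeyStore load(String path) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { ks.load(in, PASS); }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Step 3: the server presents the key pair held in its keystore.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("server.keystore"), PASS);
        SSLContext serverCtx = SSLContext.getInstance("TLS");
        serverCtx.init(kmf.getKeyManagers(), null, null);
        SSLServerSocket listener = (SSLServerSocket) serverCtx.getServerSocketFactory().createServerSocket(0);
        Thread server = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) listener.accept();
                 BufferedReader r = new BufferedReader(new InputStreamReader(s.getInputStream()))) {
                System.out.println("server received: " + r.readLine());
            } catch (IOException e) { System.out.println("server: " + e); }
        });
        server.start();

        // Step 4: the client trusts only the certificate imported in step 2.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("client.truststore"));
        SSLContext clientCtx = SSLContext.getInstance("TLS");
        clientCtx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket c = (SSLSocket) clientCtx.getSocketFactory().createSocket("localhost", listener.getLocalPort())) {
            SSLParameters p = c.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also check the host name in the certificate
            c.setSSLParameters(p);
            c.startHandshake(); // SSLHandshakeException if the server certificate is not in the trust store
            PrintWriter w = new PrintWriter(new OutputStreamWriter(c.getOutputStream()), true);
            w.println("hello over TLS");
        }
        server.join();
        listener.close();
    }
}
```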
The procedure is depicted in the following picture.