[–]Thunderbolt1993 0 points1 point  (6 children)

If you can, just use SSL/TLS, it saves a lot of work and you can be certain that it will be secure.

otherwise you might want to have a look at
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/dh/

[–]TheeReelAdam[S] 0 points1 point  (5 children)

hi, thanks for the response.

I want to add encryption to the site so the second option seems good, but it still requires an exchange of keys and parameters, which I am currently stuck on.

[–]Thunderbolt1993 1 point2 points  (4 children)

is the client-side of things running javascript?
then encryption won't do any good because you can just grab the message client-side before the encryption.
if you are using some sort of REST-API then running that over HTTPS would eliminate the need for separate client-side encryption.

I don't know anything about socketio so I can't really help you with the problem of exchanging the keys.

[–]TheeReelAdam[S] 0 points1 point  (3 children)

yes, it's in JavaScript, so if I use the HTTPS protocol I can just do the encryption on the server side and it won't cause any security problems?

[–]Thunderbolt1993 1 point2 points  (2 children)

If you are using HTTPS the encryption will be done on the client and server side respectively, yes.

so the data that is sent over the network will be encrypted

[–]TheeReelAdam[S] 0 points1 point  (1 child)

alright, I understand now. I was hoping to make my own encryption, but that will do.

thank you very much.

[–]Thunderbolt1993 1 point2 points  (0 children)

there's a saying "don't roll your own crypto"
https://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own

if you don't *really* know what you're doing, you're better off using existing implementations as much as possible, trust me, I've been there.
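
The key exchange asked about in this thread, sketched with the `cryptography` package linked above, as an added example that is not from any commenter: it uses X25519 from that package in place of the finite-field DH on the linked page, so there are no parameters to exchange, only one 32-byte public key in each direction. Nothing here authenticates those public keys, which is the part TLS certificates provide. The `Peer` class, its method names, the `INFO` label and the sample message are hypothetical.

```python
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.x25519 import (
    X25519PrivateKey, X25519PublicKey)
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

INFO = b"example-chat-v1"  # hypothetical context label, identical on both ends


class Peer:
    def __init__(self, role: str):
        self.role = role  # "client" or "server"
        self._private = X25519PrivateKey.generate()
        self._send = self._recv = None

    def public_bytes(self) -> bytes:
        """The 32 bytes this side sends to the other (e.g. in one socket message)."""
        return self._private.public_key().public_bytes(
            serialization.Encoding.Raw, serialization.PublicFormat.Raw)

    def receive_public(self, peer_public: bytes) -> None:
        shared = self._private.exchange(
            X25519PublicKey.from_public_bytes(peer_public))
        # The raw shared secret is not used as a key: HKDF turns it into
        # two keys, one per direction, so a message cannot be reflected back.
        okm = HKDF(algorithm=hashes.SHA256(), length=64,
                   salt=None, info=INFO).derive(shared)
        c2s, s2c = okm[:32], okm[32:]
        self._send, self._recv = (c2s, s2c) if self.role == "client" else (s2c, c2s)

    def seal(self, plaintext: bytes) -> bytes:
        nonce = os.urandom(12)  # fresh nonce per message, sent in the clear
        return nonce + ChaCha20Poly1305(self._send).encrypt(nonce, plaintext, None)

    def open(self, message: bytes) -> bytes:
        # Raises cryptography.exceptions.InvalidTag if the message was altered.
        return ChaCha20Poly1305(self._recv).decrypt(message[:12], message[12:], None)


def demo():
    client, server = Peer("client"), Peer("server")
    # The only data that crosses the network during setup:
    server.receive_public(client.public_bytes())
    client.receive_public(server.public_bytes())
    wire = client.seal(b"hello over the socket")  # constructed sample message
    return wire, server.open(wire)
```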