Solved Secure communication with QSslSocket
-
Good morning all!
I am a beginner in the world of Ssl programming.
I would like to have some explanations on this concept. Thank you in advance.
Let me explain: I want to develop a communication application for an organization. The application will consist of a server and a client. The server application will be installed on a computer in the headquarters of the organization and the client application will be installed on the computer or telephone of each member of the organization, who can communicate from anywhere in the world.
My questions are:
- Is it good to use a self-signed certificate since the server will be controlled by the organization itself?
- If not, can you give me some ideas to be able to secure the communication between the server and the client?
I remind you that I plan to use QSslSocket and QTcpServer. Thank you.
-
Hi and welcome to devnet,
You should rather buy a certificate from an official provider, or at least consider Let's Encrypt.
Using a custom certificate means that you will have to deploy it properly also on your devices which is going to require more work.
You will also have to ensure a proper update strategy in case you must revoke your certificate.
-
@Ahimson said in Secure communication with QSslSocket:
> - Is it good to use a self-signed certificate since the server will be controlled by the organization itself?
It would be acceptable. Please bear in mind that Qt will still complain about a self-signed certificate, so you'll need to import the certificate into Qt's CA certificate database.
> I remind you that I plan to use QSslSocket and QTcpServer.
This is a secure socket client example just in case.
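What the reply above describes, shown with the openssl command line as an added example that is not part of the thread or of Qt's own code: a self-signed certificate is rejected by a client that only has the system CA store, and accepted once that same certificate is imported as a trust anchor and the host name matches. The host name chat.example.org and the file names are constructed placeholders.

```shell
#!/bin/sh
# Added example; chat.example.org and all file names are constructed placeholders.
# Requires the openssl CLI (1.1.1 or newer for -addext).

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT   # the private key lives only in this temp dir
HOST=chat.example.org

# Server side: create a key and a self-signed certificate bound to HOST.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$WORK/server.key" -out "$WORK/server.crt" \
    -subj "/CN=$HOST" -addext "subjectAltName=DNS:$HOST" 2>/dev/null
}

# Client that only knows the system CA store: no chain to a trusted root.
verify_with_system_store() {
  openssl verify "$WORK/server.crt" >/dev/null 2>&1
}

# Client that has imported the certificate as a trust anchor and also
# checks that it was issued for the host name it connects to ($1).
verify_with_imported_cert() {
  openssl verify -CAfile "$WORK/server.crt" -verify_hostname "$1" \
    "$WORK/server.crt" >/dev/null 2>&1
}

# Fingerprint to compare out of band before importing the file on a device.
fingerprint() {
  openssl x509 -in "$WORK/server.crt" -noout -fingerprint -sha256
}

# Turn a check's exit status into a word for the summary below.
report() { if "$@"; then echo "accepted"; else echo "rejected"; fi; }

make_self_signed
echo "system store only:    $(report verify_with_system_store)"
echo "imported, right host: $(report verify_with_imported_cert "$HOST")"
echo "imported, wrong host: $(report verify_with_imported_cert other.example.org)"
fingerprint
```

In a Qt client, the "imported" case corresponds to adding server.crt to the socket's CA certificates rather than ignoring the reported SSL errors.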
-
Hi everyone!
Thank you for your answers.
I now see how I will proceed to provide a secure connection between the server and the clients.
Once again, thank you. Tell me, is there another way to encrypt communication between a server and a client in C++ Qt?
I just want to know in case it could be interesting.
Thank you.
-
@Ahimson
Hi
Just as a note:
To be sure that incoming connections from off-site devices are in fact from a device you trust,
a certificate is the way to do it.
However, you can also encrypt the actual data, which is another story and mostly used
inside a site to prevent tampering etc., but that does not really verify that a given device is who it says it is.
So if someone broke your encryption, then they could make a fake device and talk to the server.
Inside a firewall, it's not a big risk, but outside on phones, it's another story.
For your use case, buying an official certificate is so much more fun, as self-signed ones are always treated
with a bit of suspicion, and for external devices it can be quite a hassle to make them accept it.
Like, we tried with an iPhone and it simply refused to use it. Might be fixable, but compare that to
the official one we bought, which it just took with no extra steps whatsoever.
I'm not an encryption expert, so I don't know other ways for your use case.
-
@mrjj
Thank you very much for your answer... it helps me a lot.
-
@Ahimson
You are most welcome.
If you feel you got an answer, please use the Topic Tool button to set it as solved.
-
Thank you. Yes, it's good, I'm satisfied...
I will mark the topic as resolved.
Thank you all.