Encrypted Client-server communication using Nodejs TLS module and OpenSSL

TaDaaaaaaaaaaaaaaaaaaaaaaa !!!!!!!! After meddling with the readers' minds in my attempt to get into the source of NodeJS in the last post and the one before it, I decided to take it easy on the readers in this blog post 😛 So this post is on using the TLS module from the application layer. Let's see how to communicate securely using the TLS module and OpenSSL. Sounds interesting?? Well, then read on 😀

“What do you mean by a secure communication ???”

In this case I'm talking about encrypting the message and sending it to other parties so that even if your data is captured by other parties it won't be readable.

Hmmm, OK, then you gotta decrypt it back at the other end to be able to interpret it, right??

That's right …. That's obvious, right? If the data is sent encrypted from one end, it has to be decrypted at the other end to be able to read the information.

So there are 2 questions that have to be answered now ..

1. How do I encrypt the message??

2. How do I decrypt the message???

drrrrrrrrrrrrrrrrrr, Now , How do you think you can achieve this ????

HMMMMMM…….. “Can I use some sort of encryption-decryption algorithm????”

You got it right. You use some algorithm to encrypt your message and send it across, and then it can be decrypted using the reverse of the algorithm.

“But isn't this risky? What if someone could understand my algorithm, or crack my algorithm and decrypt my message??”

Welllllllll, here is a secret …………….. “This had happened during the Second World War …” shhhhhhhhhhhhhhhhhhhhhhhhh 😛

Then what's the way out??

PUBLIC KEY ENCRYPTION

Here is how two parties in communication use Public Key Encryption to secure the messages exchanged between them.

1. How to encrypt the message in Public Key Encryption?

In Public Key Encryption both parties have a private key and a public key. Each party keeps its private key to itself and doesn't share it with anyone. The public key, however, is exchanged with any other party with which the communication and information exchange takes place.
Let's say X and Y are the 2 parties who intend to have a secure encrypted communication using the Public Key Encryption method.

How does X encrypt the message to send it to Y?
– For X to encrypt a message in order to send it to Y, X needs to use its own private key (Y too has its own private key) and Y’s public key.

Hmmm, this sounds cool. But since X sends the message encrypted, how will Y decrypt it???
– For Y to decrypt X’s message it needs its own private key and X’s public key.
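
One concrete scheme in which each side combines its own private key with the other side's public key, as described above, is Diffie-Hellman key agreement. The following is an added example, not code from the original post; the choice of X25519, HKDF and AES-256-GCM, the salt and label values, and all function names are assumptions made here for illustration.

```javascript
// Added example (not from the original post): key agreement between X and Y.
const nodeCrypto = require('node:crypto');

// Each party generates its own key pair; only the public half is ever shared.
function makeParty() {
  return nodeCrypto.generateKeyPairSync('x25519');
}

// Own private key + peer's public key -> the same 32-byte key on both sides.
function sessionKey(ownPrivateKey, peerPublicKey) {
  const secret = nodeCrypto.diffieHellman({ privateKey: ownPrivateKey, publicKey: peerPublicKey });
  // HKDF turns the raw shared secret into an AES key; salt and label are constructed values.
  return Buffer.from(nodeCrypto.hkdfSync('sha256', secret, Buffer.alloc(32), 'x-to-y demo', 32));
}

function encrypt(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

function decrypt(key, { iv, ciphertext, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  // final() throws if the key is wrong or the message was modified in transit.
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

function demo() {
  const x = makeParty(), y = makeParty(), eve = makeParty();
  // X: own private key + Y's public key.
  const sealed = encrypt(sessionKey(x.privateKey, y.publicKey), 'hello Y');
  // Y: own private key + X's public key.
  const received = decrypt(sessionKey(y.privateKey, x.publicKey), sealed);
  // A third party who captured the message and knows both public keys still cannot read it.
  let eavesdropperFailed = false;
  try {
    decrypt(sessionKey(eve.privateKey, x.publicKey), sealed);
  } catch (err) {
    eavesdropperFailed = true;
  }
  return { received, eavesdropperFailed, ciphertextHex: sealed.ciphertext.toString('hex') };
}

console.log(demo());
```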

You might be wondering now, “Lol !!! Now the private key and public key story sounds cool, but how to create one of these??”

CREATING PRIVATE KEYS USING OPENSSL

The OpenSSL executable comes bundled with most of the popular Linux distributions and it offers a wide range of cryptography methods. The TLS module uses the OpenSSL libraries under the hood. Here is the command to create private keys using OpenSSL:

 openssl genrsa -out private-key.pem 1024

This creates a private key named private-key.pem.

CREATING PUBLIC KEYS USING OPENSSL
Public keys are also called certificates. They are called so because public keys will contain digital signatures which are used to identify the right peer/server.
The certificate can be self-signed or it can be signed by a certification authority (as in the case of HTTPS sites). Let's see how to create a self-signed public key (self-signed certificate) using OpenSSL.
First you gotta create a Certificate Signing Request file using your private key:

 openssl req -new -key private-key.pem -out csr.pem

Then you can create a self-signed certificate, using your private key:

openssl x509 -req -in csr.pem -signkey private-key.pem -out public-cert.pem

“HaHaHa, the certificate saga was pretty, but certificates are used to just encrypt the data during communication between two parties. How can I communicate by just using the certificates?? 😛”
Well, that's right … Now you gotta create a server and a client which use these certificates and communicate securely using public key encryption.
Here is the code for the TLS server:

// tls and fs are Node core modules; colors is a third-party npm package (npm install colors)
var tls = require('tls'),
    fs = require('fs'),
    colors = require('colors'),
    msg = [
            "#######  ####    ####### ######  ####### ",
    "##    # #     # #     # #             # #     #",
    "# #   # #     # #     # #             # #",
    "#  #  # #     # #     # #####         #  #####",
    "#   # # #     # #     # #       #     #       #",
    "#    ## #     # #     # #       #     # #     #",
    "#     # ####### ######  #######  #####   #####"

          ].join("\n").red;

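// The private key and the self-signed certificate created above
var options = {
  key: fs.readFileSync('private-key.pem'),
  cert: fs.readFileSync('public-cert.pem')
};

tls.createServer(options, function (s) {
  s.write(msg+"\n");   // send the banner over the encrypted socket
  s.pipe(s);           // echo back whatever the client sends
}).listen(8000);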

Run the code in the folder where you have created your certificates. Here is the link.
The server writes out the message string [msg] to the client when requested. The difference here is that the message is encrypted when it is transmitted.

 node tls-server.js   

Once the server is running, open another terminal.

USING OPENSSL TO SECURELY COMMUNICATE WITH THE TLS SERVER

$ openssl s_client -connect 127.0.0.1:8000

You can now see the screen with the message array [msg] being sent to the OpenSSL client.

[Screenshot: OpenSSL client]

“Nice story on encryption using Node and OpenSSL, but what's the proof that the data is being encrypted and sent to the client??”

Use Wireshark and check it out for yourself. Here is the screenshot from Wireshark after capturing the communication between the TLS server and the OpenSSL client.

[Screenshot: Encrypted data]

Wireshark clearly shows that the data transmitted is encrypted. Try writing a simple TCP client-server socket program using NodeJS and then capture the data using Wireshark, and the data communicated will be directly visible in Wireshark inside the captured packets.

That's it for now !! Ufffffffffffff!!! I shall get into more details of the source of the TLS module in the posts to come. Till then, happy coding 😀
