Hi,
i am writing a small server / client application using Asio and i exchange messages in plain text between a server and multiple clients.
This works fine but now i want to encrypt the messages using Crypto++.
I wrote a small wrapper class around ChaChaTLS to encrypt and decrypt messages, which works fine also.
But i wonder how to safely exchange the generated keys without the possibility to intercept them via a man in the middle attack.
I mean if i create a key on the server and send it to the client, i can capture the network traffic and read the key.
How do you do it so that the key can't be read by others?
And should i reuse the same key on the client and the server or should i create two (one for client, one for server)?
Sorry if i miss the obvious, but i am a crypto noob.
i am writing a small server / client application using Asio and i exchange messages in plain text between a server and multiple clients.
This works fine but now i want to encrypt the messages using Crypto++.
I wrote a small wrapper class around ChaChaTLS to encrypt and decrypt messages, which works fine also.
But i wonder how to safely exchange the generated keys without the possibility to intercept them via a man in the middle attack.
I mean if i create a key on the server and send it to the client, i can capture the network traffic and read the key.
How do you do it so that the key can't be read by others?
And should i reuse the same key on the client and the server or should i create two (one for client, one for server)?
Sorry if i miss the obvious, but i am a crypto noob.