I want to send sensitive data from a client to a server using symmetric encryption (AES). How can I ensure secure key exchange over HTTPS?

0 votes
In my application, I need to encrypt sensitive data on the client side using AES and then send it securely to the server for processing. However, I’m unsure how to manage the key exchange securely over HTTPS. I understand that HTTPS already provides encryption, but I want an additional layer with AES encryption for extra security.

Could someone explain the best way to perform secure key exchange in this setup? Are there specific strategies for securely sharing the symmetric key between client and server while using HTTPS?
Oct 29 in Cyber Security & Ethical Hacking by Anupam
• 3,950 points
60 views

1 answer to this question.

0 votes

In order to send sensitive data from a client to a server using symmetric encryption like AES, you can go through the following practices to ensure secure key exchange over HTTPS:

  • Use HTTPS for Transmission: HTTPS encrypts all transmitted data, including keys, ensuring secure transit.

  • Generate AES Key on Client: Create a unique AES key on the client to encrypt sensitive data, adding an extra layer of security.

  • Encrypt AES Key with Server’s Public Key: Protect the AES key by encrypting it with the server’s public key so only the server can decrypt it.

  • Send Encrypted Key and Data Together: Transmit both the AES-encrypted data and RSA-encrypted AES key over HTTPS.

  • Server Decryption: The server decrypts the AES key using its private key, then decrypts the data using the AES key.

  • Rotate Keys Regularly: Enhance security by generating a fresh AES key for each session or message.

answered Nov 6 by CaLLmeDaDDY
• 3,410 points
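
The steps in the answer above, sketched in Node.js as an added example (not code from the original answer). It assumes RSA-OAEP with SHA-256 for wrapping the key and AES-256-GCM for the data, which the answer does not specify; the function names, envelope fields and sample payload are constructed, and the inline key pair stands in for a server key whose public half the client already trusts.

```javascript
// Added example. Assumed choices: RSA-OAEP (SHA-256) wrapping, AES-256-GCM data.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
        createCipheriv, createDecipheriv, constants } = require('node:crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const b64 = (buf) => buf.toString('base64');
const raw = (str) => Buffer.from(str, 'base64');

// Client: fresh AES key and nonce for every message; the key only ever
// leaves the client wrapped under the server's public key.
function clientEncrypt(serverPublicKey, plaintext) {
  const aesKey = randomBytes(32);
  const iv = randomBytes(12); // 96-bit GCM nonce, never reused with a key
  const cipher = createCipheriv('aes-256-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    wrappedKey: b64(publicEncrypt({ key: serverPublicKey, ...OAEP }, aesKey)),
    iv: b64(iv),
    ciphertext: b64(ciphertext),
    tag: b64(cipher.getAuthTag()),
  };
}

// Server: unwrap the AES key with the private key, then decrypt.
// final() throws if the ciphertext or tag was modified in transit.
function serverDecrypt(serverPrivateKey, envelope) {
  const aesKey = privateDecrypt({ key: serverPrivateKey, ...OAEP }, raw(envelope.wrappedKey));
  const decipher = createDecipheriv('aes-256-gcm', aesKey, raw(envelope.iv));
  decipher.setAuthTag(raw(envelope.tag));
  const plain = Buffer.concat([decipher.update(raw(envelope.ciphertext)), decipher.final()]);
  return plain.toString('utf8');
}

// Returns true when the server refuses an envelope whose ciphertext was altered.
function tamperIsRejected(serverPrivateKey, envelope) {
  const bytes = raw(envelope.ciphertext);
  bytes[0] ^= 0x01;
  try {
    serverDecrypt(serverPrivateKey, { ...envelope, ciphertext: b64(bytes) });
    return false;
  } catch (err) {
    return true;
  }
}

// Constructed demo: this key pair stands in for the server's long-term key.
const demoKeys = generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoEnvelope = clientEncrypt(demoKeys.publicKey, '{"note":"constructed sample"}');
console.log(serverDecrypt(demoKeys.privateKey, demoEnvelope),
            tamperIsRejected(demoKeys.privateKey, demoEnvelope));
```

The envelope is what would travel in the HTTPS request body; the private key stays on the server.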
