I’m uploading an encrypted file from an Android phone to a server and decrypting the same file on the server side.
Client: Uses HTTP POST to send the file to a server
Server: PHP
Encryption: Triple DES
I hard-coded the keys and IV on both the client and server side. Is there any idea how to use the keys and IV so that the transmission is highly secure?
Thanks!
If Android encrypts the file immediately prior to transmitting it and the server decrypts it on receipt, then you should just use SSL/TLS/HTTPS.
Hardcoding either the key or the IV is horribly bad practice. If you hardcode the key in an application, anyone who can get the binary has the key and can read the message. If you hardcode the IV, even people who do not have the key can potentially do something (IVs can be public, but they MUST be random).