TechQA.

SealedObject in https communication

216 views Asked by At

I would like to know if it's recommended to create a SealedObject to make client-server communication to preserve the privacy. Client-server communication is already done via https. Maybe it's already really protected with the https communication, and double encryption is make the server works more than is needed.

Thank you.

java security javax.crypto
Original Q&A
2

There are 2 answers

0
Shivan Dragon On

Well basically they both do the same, encript and decript the data. Maybe if your https encryption is not very strong, you have no way to change it and the data is extremly sensitive you might use SealedObject to further encrypt, but other than that, strong (like 256 bits) https encryption should be ok.

0
Cratylus On

Client-server communication is already done via https. Maybe it's already really protected with the https communication

This depends.

  • Do you have authentication or only encryption?
  • How is the private key stored?
  • How are the passwords for the keystore protected?
  • How strong is your encryption etc...

There are many parameters to take into account.
So it is not easy from your info to say if an extra layer of encryption is a useless overkill or not

Related Questions in JAVA

Related Questions in SECURITY

Related Questions in JAVAX.CRYPTO

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions