Although the goal of this library is easy and fast usability, some security aspects were implemented. In short: All messages are encrypted with a symmetric communication key, that only the server and the client knows. The key exchange is asymmetric.

Procedure to provide a minimal security:

This process is automatically executed, after a client has connected to a server.

  • The client creates a public and private key pair
  • The public key is sent to the server as plain text
  • The server generates a symmetric communication key
  • The server encrypts the communication key with the clients public key
  • The encrypted communication key is sent back to the client
  • The client decrypts the communication key with its private key
  • Both sides store the communication key
  • All messages are now encrypted with the communication key

Security vulnerabilities!

This procedure is not secure against Man in the middle attacks. A method to prevent this will maybe be implemented in a later update. As long as this is not implemented, do NOT use this library, when you want to transfer critical data.

For experts:

If you want to see the implementation of this have a look at the Security docs.