-
Notifications
You must be signed in to change notification settings - Fork 22
Security
Currently there is no SSL/TLS implementation that works with .NET Framework 4.x and .NET Core/.NET 5+ and also running on Windows and Linux the same way. So CoreRemoting don't support HTTPS out of the box. Instead of encrypting on transport layer, CoreRemoting has integrated support to encryption on message layer.
Please see next section for details.
If you cannot live without HTTPS, then you can implement custom CoreRemoting communication channels. Implement IServerChannel and IClientChannel to accomplish this (Have a look at Configuration to find out how you can tell CoreRemoting to use your custom channels).
If message encryption is enabled (default setting), the serialized messages are signed and encrypted, before sent over the network.
RSA is used for asymmetric encryption, signing and secure key exchange.
AES is used for symmetric encryption of the message data.
No certificate files are needed. CoreRemoting uses the BCL Cryto APIs directly.
Message encryption configuration must be set the same on server and client (e.g. if server has message encryption on and client has not, the client will not be able to establish a connection). The same goes for key size. Both client and server create their own key public/private key pair. The keys must have the same key size (default is 4096).