Please check my protocol
Lately cryptography has taken my interest and I've been fiddling around with some hobby projects.
Say I want to secure internet traffic between two users, a client and a server. I want to eliminate man-in-the-middle attacks.
This is what I came up with:
The client has the public key of the signer. The server has the private key.
When a client connects to the server, it requests the certificate.
The server then sends a certificate, including a (client-specific? please confirm) public key and a message digest.
The public key is plain text. The message digest is encrypted with the private signer key. ECC (Elliptical Curve Cryptography) seems to be a strong algorithm, but if it's too complex I can still use RSA of course.
The client receives the certificate and checks its authenticity by decrypting the message digest.
It then checks if the message digest is equal to the message digest independently generated from the certificate, client-side.
Now, Client->Server traffic is secured. Server->Client is not.
The client now generates a random array of bytes. It sends this to the server. This is our symmetrical key for an algorithm like AES.
Now, Client->Server traffic is secured, AND Server->Client is secured.
My question: am I missing something? It sounds too good to be true, especially because there are far more complex systems like DSA/ECDSA, of which I don't really understand the advantage.
Of course I could be completely wrong, if so, please tell me why and explain me 'the answer'. I'm still very new to this cryptography thing so be gentle
You basically described SSL; using asymmetric cipher (e.g. RSA) to exchange a session key for a symmetric cipher (e.g. AES) that will be used to secure the bulk of the communications.
Be sure you pad, etc.. correctly. Unpadded RSA is breakable, especially if the message is shorter than the key length.
You could also use Diffie-Hellman for the key exchange, though you'll need to check the security status of it.