I have an application that is about to run an ad-hoc web server to serve a web application (accessible only through a wifi local area network) with an interface / backend connection via SignalR. This will be configured on random computers, so SSL will not be available, but both sides of the connection can easily split the password out of range.
We cannot assume that there will be no malicious participants in the wifi network (in fact, this will be used in schools, and I would not want a smart child to βcrackβ it using very simple network tracking and be excluded).
Without ssl, I would like to go to an old school and force each person to enter a passphrase, and then use this passphrase to encrypt all communication between the client and server. I am happy to use AES or any installed symmetric encryption algorithm.
The problem I am facing is that I do not know how to connect this to SignalR. In particular, given that I have C # / javascript encrypt(str, key) and decrypt(str, key) functions - how can I tell SignalR to use them on both client and server endpoints to encrypt / decrypt messages ?
To clarify, since there seems to be some confusion; key exchange is not a problem in this case, integrating any encryption / decryption scheme that I encounter in SignalR. Any help is appreciated
source share