1 Replies - 191 Views - Last Post: 09 July 2019 - 02:42 PM Rate Topic: -----

#1 kellzor   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 21
  • Joined: 01-May 12

Way to double-check integrity of a truststore?

Posted 09 July 2019 - 01:09 PM

I'll try and put this into a nutshell. We have a truststore contained on the client app jar. The client is communicating with a server app via SSLSocket. We want to be sure that this truststore is not tampered with or spoofed in any way on the client side, to ensure that it's only using the key we want.

Our initial thought was to hash the correct client truststore then obfuscate that into bytes, using it to check against the truststore being applied each time by the client. Obviously hardcoding isn't elegant, but we aren't sure how else to approach it. Would anyone have another suggestion for increasing assurance of truststore file integrity in this situation?

This post has been edited by kellzor: 09 July 2019 - 01:11 PM


Is This A Good Question/Topic? 0
  • +

Replies To: Way to double-check integrity of a truststore?

#2 g00se   User is offline

  • D.I.C Lover
  • member icon

Reputation: 3639
  • View blog
  • Posts: 16,720
  • Joined: 20-September 08

Re: Way to double-check integrity of a truststore?

Posted 09 July 2019 - 02:42 PM

Two-way SSL authentication by certificate is probably all you need
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1