https encryption

Gilgil · ‎08-17-2015

Hi all,

I am developing with LV 13, and trying to achive a scured encrypted connection over HTTPS, with a non-LV developed website.

I have downloaded the certifacte file of the site (from Chrome).

I am able to send messages with Post vi when the validate server is False (see attached png), however, when I change that flag to True I get error 363506 (which related to failure in verifying Server identity).

My questions are:

1. What can be the reason that the server is not identified as valid, maybe I should give as an input a different file instead of the downloaded *.cer file. What can be the risk if I choose to work in 'False' mode, assuming I know and trust the website?

2. What is required in order to achieve secured encrypted data transfer with HTTPS? if I am not using private key or client certifcate file, does my data is encrypted only by the fact that I'm using HTTPS protocol. If the private key is required, I would love to learn what is the reccomended way to create it.

Any input is apreciated.

Thank you very much for your help,

Gil

benthere · ‎08-18-2015

Gil,

That error code seems to be associated with an NI 272x switch module. Could you provide a screen shot of the specific error you are getting?

Thanks,

Ben H.
Systems Engineer
National Instruments

Googil · ‎08-19-2015

Thank you for your response,

The error I get is attached.

Gilgil · ‎08-19-2015

Spoiler

Hi all,

To be more specific, these are my questions:

Does the encryption depends on having a server which labview recognize as certified? Or can I just tell LV to ignore server verification because I trust the site, and still have an encrypted communication.

Another question is- does the encryption is two directional once I’ve establish a SSL connection all uploaded and downloaded data is encrypted (and protected from ‘man in the middle’ attacks?)
or should I perform extra steps such as creating my own private key and certification file?

For example in the attached VI. Does the setup of connection here is enough to ensure an encrypted communication both ways (upload and download). And is this depends on the verification of the server and supplying the ‘*.Crt’ file?

Thank s again, hope that’s clear.

benthere · ‎08-20-2015

1. You should be able to connect to servers you trust by wiring the False constant like you have in your example VIs. Are you experiencing something different?

2. The encryption should be secure both ways and your example should work to accomplish this

Ben H.
Systems Engineer
National Instruments

Gilgil · ‎08-20-2015

Thank you Benthere,
I do manage to connect to the server in this method, however, I was worried that since the server is not verified, and since I didn't supply any private key and my own certificate file to the SSL config server that actual encryption doesn't happen. I thought that in order to decrypt a message I must use my private key.
Does anyone has any idea on how I can actually verify and prove others that the data transfer is encrypted, is there any utility to achieve that goal.
Thanks again,
Gil

benthere · ‎08-21-2015

Gilgil,

Seems there are some third party utilities that can accomplish what you are asking. I simply googled your question, "verify and prove others that the data transfer is encrypted", and it was one of the first hits. Hope this helps!

Thanks,

Ben H.
Systems Engineer
National Instruments

Gilgil · ‎08-21-2015

Thanks again for your response,

Yes I've also find such utilities, just asked to see if anyone was experienced with one, and can reccomend it.

Anyway this will help,

Thanks,

Gil

LabVIEW

https encryption

https encryption

Re: https encryption

Re: https encryption

Re: https encryption

Re: https encryption

Re: https encryption

Re: https encryption

Re: https encryption