Secure TCP handshake demo
A Java TCP client/server that layers RSA-signed Diffie-Hellman, AES encryption, and HMAC integrity over raw sockets.
This lab is a compact secure-channel demo. It is intentionally educational, not production cryptography, but the protocol shape is clear: prove identity, derive a shared secret, encrypt payloads, and verify message integrity.

| Layer | Mechanism | Purpose |
|---|---|---|
| Identity proof | RSA signature | Shows the server owns the private key. |
| Key exchange | Diffie-Hellman | Derives a shared secret over the socket. |
| Confidentiality | AES-256-CBC | Encrypts messages after the handshake. |
| Integrity | HMAC-SHA-256 | Detects message tampering. |

What makes it worth showing is not that it is “secure enough.” It is that the code makes a normally invisible protocol legible.
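
The four layers in the table, walked through in a single process as an added example; this is not code from the toy-secure-tcp-dh repository. The HMAC-based key separation, the encrypt-then-MAC ordering, the 2048-bit key sizes, the pinned server public key and the class name are assumptions.

```java
import javax.crypto.*;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
public class SignedDhSketch {
    static byte[] hmac(byte[] key, byte[]... parts) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        for (byte[] p : parts) m.update(p);
        return m.doFinal();
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator rg = KeyPairGenerator.getInstance("RSA");
        rg.initialize(2048);
        KeyPair rsa = rg.generateKeyPair();   // server identity; client is assumed to pin rsa.getPublic()
        KeyPairGenerator dg = KeyPairGenerator.getInstance("DH");
        dg.initialize(2048);
        KeyPair srv = dg.generateKeyPair();   // server's ephemeral DH pair
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(rsa.getPrivate());
        s.update(srv.getPublic().getEncoded());
        byte[] sig = s.sign();                // travels with the DH public value
        // Client: verify the signature before the DH value is used for anything.
        s.initVerify(rsa.getPublic());
        s.update(srv.getPublic().getEncoded());
        if (!s.verify(sig)) throw new SecurityException("server signature invalid");
        dg.initialize(((DHPublicKey) srv.getPublic()).getParams());
        KeyPair cli = dg.generateKeyPair();   // same group as the server
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(cli.getPrivate());
        ka.doPhase(srv.getPublic(), true);
        byte[] secret = ka.generateSecret();  // server gets the same bytes from its key and cli.getPublic()
        // Assumed key separation: HMAC(secret, label) yields independent 32-byte keys.
        byte[] encKey = hmac(secret, "enc".getBytes(StandardCharsets.UTF_8));
        byte[] macKey = hmac(secret, "mac".getBytes(StandardCharsets.UTF_8));
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encKey, "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal("hello".getBytes(StandardCharsets.UTF_8));
        byte[] tag = hmac(macKey, iv, ct);    // encrypt-then-MAC over IV and ciphertext
        byte[] bad = ct.clone();
        bad[0] ^= 1;                          // constructed in-transit tampering
        if (MessageDigest.isEqual(tag, hmac(macKey, iv, bad))) throw new IllegalStateException("tamper missed");
        if (!MessageDigest.isEqual(tag, hmac(macKey, iv, ct))) throw new SecurityException("bad tag");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(encKey, "AES"), new IvParameterSpec(iv));
        System.out.println(new String(c.doFinal(ct), StandardCharsets.UTF_8));
    }
}
```

Over a real socket the server would send `srv.getPublic().getEncoded()` together with `sig`, and the client would verify the signature over the received bytes before decoding them with `KeyFactory`.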
Repository: toy-secure-tcp-dh.