How to share secret key used in AES Encryption to some other Application for decryption?

Question

I have to implement AES Encryption/Decryption having following scenerio.

There are 2 applications App1 and App2 running on different servers. App1 will encrypt(using AES Encryption) some data and give it to App2. App2 will decrypt the same data using AES decryption. The secret key needs to be shared with App2 for decryption.So, how to share the secret key with App2 ? Can we use java keystore in this case ?

Answer 1

Can we use java keystore in this case?

A Java keystore file could be used to share the key data, but you would need to password-protect this file to ensure other parties cannot read the key. So you've only changed the problem to how to securely share a password.

A common way to solve your original problem is to use asymmetric cryptography. By encrypting the AES key with a public key held by your recipient, you've ensured no others can read the key data. However, you will still need a method of determining that the public key corresponds to your intended recipient. For that, most people revert to a PKI of some description.

This is a broad subject area and worthy of some further reading on your part before you determine the correct approach for your use case.

Answer 2

You need to implement Diffie Hellman Algo! Watch this on youtube Watch this simple youtube explanation!