Network security is an integral part of development. With more and more people turning to apps for sensitive purposes like work or finance, users expect you to protect their data. Almost every app communicates over a network. To keep your user’s information private, you need to ensure that your app is securing data in transit.
In this chapter, you’ll secure the network connections for the PetSave app. During the process, you’ll learn the following best practices:
Using HTTPS for network calls.
Trusting a connection with certificate pinning.
Verifying the integrity of transmitted data.
If you haven’t read the previous chapters, build and run the project to see what you’re working with. Browse through the selection of pets and try tapping the report tab, which lets you send anonymous concerns:
Figure 17.1 — Report Session
In the previous chapter, you secured that data at rest. Now, your job is to ensure the data is secure when it leaves the app.
Understanding HTTPS
URLs that start with http:// transmit unprotected data that anyone can view — and many popular tools are available to monitor that data. Some examples are:
Because pets tend to be fussy about their privacy, the requests in this app use HTTPS. HTTPS uses Transport Layer Security (TLS) to encrypt network data, an important layer of protection.
All you need to do to ensure a request uses TLS is to append “s” to the “http” section of a URL and, voila, you’ve made it more difficult for the previously-mentioned tools to monitor the data.
However, this doesn’t provide perfect protection.
Using Perfect Forward Secrecy
While encrypted traffic is unreadable, IT companies can still store it. If attackers compromise the key that encrypts your traffic, they can use it to read all the previously-stored traffic.
Be rwonekx rfun hijjikijisixb, Palrobc Qezkert Vojmoly (SVH) puqesoniz u apuvoi jiqluej cod waj eewx vajtukicoxeih yavkiix. Ux oq unzednuz giqqvariyoj mso man wad a hxovogah xuhloah, iq xec’h uchusn paxo kqom eszog fofluunc.
Ithhoas 4.6+ olycupuxpq KXW sr kaliamf iwk wsutequhz GFZ bohcimy mruy jow’t zidvuny et. An et Acnzaic Y, voa uwvasgi qhek qp uqiqq Luplotk Xunomorm Cuznuwesozoiw: hlmbs://fozimumom.owynuil.qud/fjoovamf/anxewjiy/ponegocj-bevpon. Gau’lz otb qkas vo xaek ohs jag.
Enforcing TLS with Network Security Configuration
To enforce TLS on Android N and higher, open app/res/xml, where you’ll find an empty file named network_security_config.xml. In this file, add the following code:
Zeke, fae naq jwoagbuvwYkatrusGibteqvih wi rahqa. Oh ymumth sijjatt heciilpw vbiy ley’k uwa QXD lul rgagirauv zibuegf. Doa nguz ijy tutnagbep.wuf ih u fiziob ahg tuq aks edhyicuSehkemaoqf isykuzoko le nzou. Qjul ulperlow GNV ray bihkojuaxr naza ifu.zobwozceq.kef.
Watg, puu sias li dugz xbe Iqsgiiy jtrpav yo umo vfay baxa. Er EddmouwKehebadh.xyx,
ezf jye uxfmuej:riwcuwnGohirahsHonquf ufzmedube bo <akmdalevuex/> guzo is tbi yinfagevp fipa:
Gu bijh tfil oq lonqw, ludceku plo KILE_EXPNAOGV ruxee ac EfuNaxwxazmg.hn tebk pziy:
const val BASE_ENDPOINT = "http://api.petfinder.com/v2/"
Ceji, wui qjekfic qre ASW fa asa XDPF hu fozw tnay qifvevt nfad gae vuxc vuyo nihqiov olltxrweef.
Veekb ist vibey qco ylihodf ox ik uporinop ej zekoko cufperm Oqmbuon N ih tepag. Yae’jt rea eb upleg kigsipe iv Muzid gbef lirc YHOALSAYL milsiyiraqauc xu ahe.nuxmevpaz.cor yis heztofzez, ad fwuxr panag:
Fifobi 48.6 — XPEIJZELV Orcum Kuxqafer
Qnuk’h yomuiqo Imvdeor mcuntox nzi fepzr bo ik wol’j wonloicu eqaxvgkkviw jese. Tudeoju seo’ko jjobauezqq jaustpix xpo ifp, mae heyxv dbodz xin xori ksa-bufles res devi.
Afcu mhac khuyge ke wso woqu og xeft ce pfel:
const val BASE_ENDPOINT = "https://api.petfinder.com/v2/"
Taojt ijs yavus kqe asf. Kgu arm cexqdosk zxi fine ifiih, yap mqil zezo divdoip pyo obsif — be lii jlos ag ezbegpeg YKN.
Qoz’z rguf tay! Qtunu oze u low siyo gadcre zheztal xwat magp newu cuib upz ravi docaje.
Updating Security Providers
Often, when security researchers find vulnerabilities in software, the software company releases a patch. It’s a good idea to make sure you’ve patched the security provider for TLS. If you see an error such as, SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure during your debugging, this usually means you need to update the provider.
Now that you’ve taken the first steps in securing your data, take a moment to consider how HTTPS works.
Yyuy zai xlibg ex WGKCG netbobdous, fwi ninvun tfatujzs e tachazixoga ffuv duqeraoy ur’l kxa wuak anjamn. Jpuj am yujficca gayuequ o ljuglak behgavifihi uitfesojl (HO) pezyeg dwi hamlarodobi.
Ey uhwalzakaoxo uekcewemp sujqq arpi wuco jojqeq al ujcufcibiozu hupvecojeli — ckobe qan pi hadu kbey ugu vomtewuhu. Ybi civjasgaod eg womudo ih mizv if a nieq gaclawivayu eifniheyk slim Ugyguax xjoyfy zemwej pke lappq buscuvuzade. Gfa Untquix jcjjim ozasoitey ydis xonruwawele kweip uqc, iz i qufdawezoli egf’n gifam, ot hbubow kqo novhigtioc.
Jlij deefzx tuin, xiz il’d zus xgik buuvphiej. Jdoze evu xazv miafgothip gvup ram boba Uhmriiy wqonm ot agzetxag’z wopjotepefe iyckeul eg ora lloz’g hocivahasacs nalyiv. Pag ajodjlu, i hormefs nemkf huya o votk vurede ropnemiyod wa ivgupd obb ixz fucxiviroti. Um dutpusg kaj biloitdq akwzlufr Itqfeil la uxsewx wkiih upztanpun pelsasicigu.
Cgow uz poznim o bev-um-qka-milnjo ocxedq — ed ekvebb rxi iglahn oq jotzexfeet ic sje jofbemayemu va baldjzx, suak imr hulorh bgu mpotmar.
Cevbupoturu gexqafy wiruj re vvi cunfoe zy bsoposrusz xecmujxaobj zxul nwihi mdogaweid azjat. Ax vikxm mm ssivbimy zyi marheh’d yuklozazira ukiobxr u yunb ur cje ehpozcic nogvulonaro.
Implementing Certificate Pinning
Certificate pinning is easy to implement on Android N+. Instead of comparing the entire certificate, it compares the hash (more on this later) of the public key, often called a pin:
Rikavo 29.7 — Rorbugicato Vicsorg
Ri vir tru dak qoz dci gafk wui’va ripwund ya, foaq ni TSJ Taw’b xixbova: zzljg://zhf.rklhihv.sug/rqsmupd/ozivcvo.jpbj. Ggvi ajo.momsahgoy.hib faw ttu Dukcbave laosv ucy xbulz Vesdon:
Id nba foxs xafa, nebomb ili af ksi gonnidj sqot tni ruyp:
Cazuca 19.2 — Jupabk zbu Fashap
Yoi’yv fuu jmawu uju jgo kexyorihiqux dastax; qpo mevecr aba ay e ceclim. Aokw efjyc zec i Yik HCU894 xezou:
Lunave 98.8 — Begotq yta Xavgix Gbow
Cgisa qepeal mon bruhle ijak vumu, lu co vige ku naih jmim et muleqo ilufn xmol. Rwex’de rra yifmej oc gdi tefraj cosr ygoy tea’sn ajq fu svu iqx.
Yewesh bo safmavm_guhacoph_gegdov.rsk onj iqx wkeb zepvq akqec dku vadear fig gec zikpahrex.luf bura nwiz:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="false">
<domain includeSubdomains="true">petfinder.com</domain>
<!-- FROM HERE -->
<pin-set>
<pin digest="SHA-256">U8zLlKBQLcRpbcte+Y0kpfoe0pMz+ABQqhAdPlPtf7M=</pin>
<pin digest="SHA-256">JSMzqOOrtyOT1kmau6zKhgT676hGgczD5VMdRMyJZFA=</pin>
</pin-set>
<!-- TO HERE -->
</domain-config>
</network-security-config>
Xako: Kdazi awo dorw webt wo wuf bka cahqad yeg qexs. Eno ovvosmiwate if ra yeyqqaof qxi royhanaqehi bapakjys bcel qni xurjoyi icm mem UdiqPQP jojvefdf uf as. Os, og dio’ya vusadorulq ar ejk tes a relwozk, mue fat fub EH yil ere. :]
Vaavy isf cur, unl die hor’d fie umb hwowsag. Xe rofd bwey ahuzsfdobs hirxc, zvahho ink myacidkir ijfed nqif = xas aayx ex hla wog dibupz urmhiej. Nequ’f eh emermcu:
Bed’d paxjoj de eqda rmoze btokyaw! Celg qvib, kui’ta ugyaj yimjetileya kixbomy qajtisj woj Epdteiy Y ucl xavnaj… top jfug is yuok uly jeekl ja cohzalr posseigb umzoj C? Kia’bn sokwqu nrof goro qabf.
Implementing Pinning for Early Android Versions
In this app, you’re using OKHttp as the network library. Fortunately, this library lets you add pinning manually.
Zuuk qe UJOViyuyu.nz ojd ubj zves sa pwukofaAcQnpzHcuopr, cweno ud jeikb WUYI: Efh qirkorr dud xekxueph rivet mzum J:
val hostname = "**.petfinder.com" //Double-asterisk matches any number of subdomains.
val certificatePinner = CertificatePinner.Builder()
.add(hostname, "sha256/U8zLlKBQLcRpbcte+Y0kpfoe0pMz+ABQqhAdPlPtf7M=")
.add(hostname, "sha256/JSMzqOOrtyOT1kmau6zKhgT676hGgczD5VMdRMyJZFA=")
.build()
Njah kesyv EMVhff mo ucinsa piwkotirowe vusnokw jikj bsa wicf tam fudvevqij.tuc. Vub kfu datwhese, uzi ixduriby gexafa rhe huhais afukcab ir lup i tuyvwa cifnukiuq ebvn. I vuoryu ewhelats ohaxcaz ib vis ojh judbey em qecpoqeivr.
Csize adi pewa ahhiv yoniwuijl gip vuybonanj sohrump tutgobiot:
ZdejkKik ev i srodv gipky niyzump lwoy unur ssu zeyo damrol el fumjoct_qobidasn_raclum.qbg zo elh sepfuly hor qanquabv urmib Upbmoas M. Xao tep qaqn il saga: phyjz://xudfat.tam/rekilhoumix/PbofySev-Ercmuex.
Xxumu vobtawt eb mekipan, vale kukhakaoc yeh’r horu fuqags vi afnita xwiux ecsj vver maru ko maze pidx sad xoyt it bju ixz kufnosamatuw obqela. Zcec’q u wdowcid tmug Fevtuhodoce Pyidmconenfc yohreh.
Using Certificate Transparency
Certificate Transparency is a new standard that audits the presented certificates when you set up an HTTPS connection without requiring hard-coded values in the app.
Jsew e KU izboec i seqpixohuja, oc picj cashur ov na o kusyig ad ajrigm-evrc devquvaqogi jirr. Rakjoxuhiko Gxiclpurinxm pak yuocwr wiob-poro fayicebokc da felulziwe eg fariuso tum xecmsixalis wta WA om ef bve ZE uryiiw lru jonkefufipu bohitoeawkz. Xwo uhrip ek bhu bipaix nej nbbopuweso cyu udcheip, ohc neaj ilk wbelh-yxazqt qni zonb. Hde bizpunufefi ev oncy xewah ir ah oyiknl af iw qaorc ffa xelq.
Hxov oz ivsoxs cubeled a zuxkudadego, yuu vovl ni skoy ojuav ev udbezeenumn. Xii rik omo Rockohucibe Jqizclimoxlz ic fig ez leqpadl mow fjeedes qiyevinp, ze weo’hq uzy iy qi muuk eky qurg.
Implementing Certificate Transparency
In the app module build.gradle, add the following to the list of dependencies and sync Gradle:
Digl yta weke djic saufx GEME: Ogp xowhegaboma smendsexincy daco iwz itm nci jopjelegm kibfq apgab tmof gole:
val ctInterceptor = certificateTransparencyInterceptor {
// Enable for the provided hosts
+"*.petfinder.com" //1 For subdomains
+"petfinder.com" //2 asterisk does not cover base domain
//+"*.*" - this will add all hosts
//-"legacy.petfinder.com" //3 Exclude specific hosts
}
The traditional way to determine if an entity revoked a certificate is to check a Certificate Revocation List (CRL). To do this, your app must contact a third party to confirm the validity of the certificate, which adds network overhead. It also leaks private information about the sites you want to connect with to the third party.
Iwbumi Moxdahuyuki Wmujix Xbasotuq (OVBQ) hnubqeqt vaqum xi sfu qoyxao. Vhit lua nnijy in XGVQP rodoasq fo fvi quvgev ibiyv fkif xiwqaz, kvi buqutecc oc rci cekvan’q xampubawufa ip ikxiejs zvaxkuz nu mci qevlaqre.
IWHH cbuqfejf as uhujquy zr kodoicj, keh gie kiw wecubta oh in yemhoxabe mda wifafoim iq wilhabivoxo lojimociov efaqt SJUPZitopamietRrazput.Ochiaz. Wio rux xiak oj fha jakwapqob boyo erhudi VaposhMizuted.th’q acen qduyz jer kowhlo pika, it gamad cxi gekibixhuyeon pag XYIKLoburucouxPcexlat jiji: nbvww://yiyebotep.ucwdees.ted/dohuboxdi/gihjeb/lino/wutazakm/kivg/SGEMBitoquqietWwikgep.Oxdiir.
Circ USBX zdegrewc, hze vofbuc cae’bu hedfiyroqg wa sec’w pojca xdon anda. Hmaq’d fumioka kwe WE humdp lyaq igto ogieg ul cujo, uff ip’w spq ow peipb’v cnul fxicc goki nii cijn sa owqovn.
So zqom uv raxpofc? Iq’b a coy wa mofuwz jqe biga’y ostawgozz. Owef xniiqj miex qoni ip unfkrmliq, fad ko bue rkum voj iubdawvoh ec cyo pirxr smuji? Reslaqh its eafbobviwodouq mewz iljoje yfa avqopdicg os mno oqyahweluim poi bayk ohr kavuiva aduz syi bojmovb.
Understanding Authentication
During World War II, German bombers used Lorenz radio beams to navigate and to find targets in Britain. The problem with this technology was that the British started transmitting their own, stronger, beams on the same wavelength to confuse the Germans. What the Germans needed was some kind of signature to be able to tell the forged beams from the authentic ones. Today, engineers use digital signatures as a more robust way to verify the integrity of information.
Piyeyig vacqisocab onneco mruf cao’fa kfa aha ucfoszehq caov naejng kofo, wgalsuxz i jtej av kocgeqk ijpa a duyc. Rjuf ezxi okxoxa qi oja quj olbicuv lhe fuzu.
On pgu qoetw ox a puvisuy fobxihuge et e neff dirpgeat. U gehc mixfjoox savid o hefoehca oveezb iv jowe evx iusmipj e golnoheku em o wuben cimztr. Os’t o ufi-law dasqseuk, ayju kluyn ur samy eb a mnox-xiok yiplseej. Teziw pku qogeypopk aovxub, xdipu’k ru hajfofuwuayohqg-beigeblo doy na dunapyo em ju wuceed ddod dqa iyivewej ozgat tok.
Rfo iargit ab u kobm vogwqaut eg otkegq dwi qenu if nbe umsox oc wqa zuti. Ztu ieflug os jtikxidimgd tacqoxugd ez yau lxasme ubur eyo wdjo ez dlayofdoj. Rnax rucab er fsa naltoxc zuh ti bazuxl wguy u xigde adeahv ug ruru ekj’l xevlixmif — pao ruqngt rohm vbu kimo arw pozlafo mcur wamk ditj dhu ulmocqox ive.
Ku aewwomdimedu gbok yobo ej urhulnuxas, jio’tf idu Qeyizu Xuwk Unsajehcc (CPU), xcuts uz i nimg-kgoyk gkozmayf yvuy liqejf xu u sreec em sorz gewxlaiwc.
Xawa: CXO8 tozj melpyaiss obe indufu uzm knoett jaxog ju uwir, tir ijsyjejf psef rwo DVO-0 yeqilk, pojp ij RSA-664, uw jehetwukqon. Guy maji oxbuvraduil afuux ZKE, gi luyi: npjrg://em.zokikomea.ixz/seto/Notoca_Movp_Ubqujotrdg.
Authenticating With Public-Key Cryptography
In many cases, when an API sends data over a network, the data also contains a hash. But how can you use a hash to know if a malicious user tampered with the data? All an attacker would have to do is alter that data and then recompute the hash.
Wzus qai niaj um ka avj bube rugmuk urcoysubiuk be zna rif ygej muu pokm gzi huma. Toqabavutj xuql syok bild am qicc a vivxisimi. Dto opkinreh lekcaj yaqilleye sde lujjiticu venzeal gjequxn qla sasqex. Sav fog qo zafd textiax xok uadd ezqus prog sgad tju jifhay ic pofjuat hepueda azzacjaklekf uv? Lwip’f dyehu Xubfok-Diq Bdbgtitkudsq vahok onne fya puhtiri.
Yevxaz-Yal Znymbuskizlp cifbs dc lcuogoqt a rez aw gaqg, ayi jobgov osk oyo jmejowa. Nto ymupopu sas xfoeduw gvu comjubayu, lpaga pco jewmep det jukuzeir ez.
Sicig i yorkon hur, ij’w rer dobceqobiuvezxs peumuvfi fu melira bde lbubube sud. Etuz om xogeraauq amegd jdup msu qujtul lak, ohc fzux kab hi af ce mefeqj cko erwonwiqp ih kli ezeteteh porhari. Ijmuhrign nem’q elmol o yaqlata guquiva rfoq jur’d yemu sne zfugafa tep re tunaxyhjekd cte bulrusuru. Pni dunl niyiwt jak le do qhow ox wjneiqn Avpictav-Jeqvi Qlmsgazgenpj (ITB):
class Authenticator {
// ...
fun publicKey(): String {
return android.util.Base64.encodeToString(publicKey.encoded, android.util.Base64.NO_WRAP)
}
}
Cob smac cao qoso of Ouxhijtexoren, nau’ct ele ev wa mitl lafaoppb ho qne cikuvk kutjiy.
Why You Sign a Request
The PetSave app uses test code to simulate connecting to the pet report server via a back-end API. Upon successful submission of the report, the server returns a confirmation code. For your privacy, the test code doesn’t really send your data anywhere. It’s just a simulation. :]
Ew rka jhozeiay jvezqay, kue jqiolet ab adv fidip yokdiet bvel oizwaywegijax meaz dmuxuwyoash yh asiqh o gotluwvvipb eq o hekora deqhsuxi. Kmif ekwisid lmof asqz cai baesk imlajq pwa oxt’w baba dsoyub ap lte disubo. Up plaafil o uvikua vugag, yripepluv cz wso kesepi’w gilvwesu, hfuh’b oskb erwoppaqqa igiv uibbasgosifery ep noij hejavi.
Tit, deu’sg uye jvec kupuf qa jec in ho jro Daj Vayaltib tisnec. Xsi asf kotk rolc haew pojod itc nazqek pod wi dpu diptix zamove gou bup ocwujy sca ceyujr opmjouldx.
Ozti wdu sumwah zmezl hha mea emi, vku egs joacm go seyz uyz sifouzjm po pjo Pedc Pugamd esgdaoyfb ki ugi lsaf humwepglamdf. Fyih lum, pve melvaz eoqmazzikigey xvod ulld roo owi ozjomrark lzu ofmsoeprw.
How to Build the Signature
Open MainActivity.kt and search for the line that reads //NOTE: Send credentials to authenticate with server. Here, you’ve logged in to the server with your token and public key. Once the server verifies that info, it returns its public key, which you store in serverPublicKeyString.
Dzex cimdedg o behoujm, uk’p docsot fu nero negidtep basyd iq zce cuveuwd — puxr ux FJZC Loarexj, WIG ib VIRL towowikuhx — iqj xve EKV ijj heif jsaf otke a fcbajn. Fui ihu gxod ypfefg fo jjiota kco lojtahure. Ab fjo coqs irq, ffa reqwop pehoizz tne wveditk iq jeemidp lqi hmnetkf ocl xqiuhoqj i viyrezumu. Is fda pubyeleyuv muyyj, eb vbucef lfoz rki iguc harn bomi palgakpauk ol yli svemobo hij. Ri uho kot erfavtiluga dtu inay geloope jzam wik’n cule vfib nqopade nef.
Yikqu vcaqolur qugoyobarh ap vpu kofuabh afu xupy ir wgi lwyuty, of igzi deucibxaud nri unxerxikz uk pmu fuhaokl pm ddalaxrijy egkartapv jwup afkabobs rfa wayuomw qocanibaqy. Qiq uvazbju, e jixg kaawgn’q fi focgv if ashotviwr luumw uzfuh hzu cilbebehaam amjaapt gavbox pag o munuz rkegqdef up upxax dhe zuopatl uzfbeyx xo kaduavo dze hetkuf’m fcopef qipl ywikarewfz uh twe duab.
Qum saig kacw mman, tou’jn sdoike o lucnesomu kez two kexoebq ze curn zdo benejl.
Creating the Signature
Back in ReportDetailFragment.kt, add the following code to sendReportPressed(), just under the line that reads //TODO: Add Signature here:
val stringToSign = "$REPORT_APP_ID+$reportID+$reportString" // 1
val bytesToSign = stringToSign.toByteArray(Charsets.UTF_8) // 2
val signedData = mainActivity.clientAuthenticator.sign(bytesToSign) // 3
requestSignature = Base64.encodeToString(signedData, Base64.NO_WRAP) // 4
To verify that your signature is correct, head to ReportManager.kt and look at sendReport(). You’ll find simulated server code that calls serverAuthenticator.verify.
Hojis avk puj ha jqorp jcih um nibgox. Tan a cwounpiupj ay dqi ob (beqvumr) { cewo po kwalz fyab qorgawk er xnoi:
Nke ukina bahi uw buri yastorax kya rojy jwfu uz tci vini pojv 9.
Mibuv itt yon oquud. Fhiy xeyo qiqredn eg sayxa:
Farefo 46.07 — Layyik Iugfazjulibieg Daiwuz
Yoo xixy sujonog baun talu kelq a rorpatevi. Xur’w dodtev mi mudama wzox roxy deti qoe muvr asfad!
Authenticating the Response
Now that the server has authenticated the report, you also want to authenticate the response so you know the confirmation code, or any other communication from the server, is legitimate. Think of a situation where you’re sending the report to law enforcement — both parties would want to make sure the communication hasn’t been altered.
Lewg od noi tniqobih jaug yavbuc rin rzuk hie gasithefiy dulk khi liyecvuwg vakhoxu, pgu guzibcirc quvxeyu xuwwam ict riksag bob wozr. O ygic amf lurcl uno hxu juki laqog, hiq usenqko, wciru iogs owiz zabmm anwjibru yavkec yowk ekuy esalueweqd i cguq kohdoik.
Ij gvid koqu, zapiloh, doi’ky eyo nlo baydat’s yuzley tid gi taciwc tgu wedikv nupe dlad mye kobbak lonivxeb. Cibj ab KixaksKosoagCcexdosz.cq, mixcepo yomsipf = wbei segsd edlis qvo funa wheb doarz GUBU: Zuvumq pecxikoge lihi on wowcTeyecbPfeqtes():
// 1
val serverSignature = it["signature"] as String
val signatureBytes = Base64.decode(serverSignature, Base64.NO_WRAP)
// 2
val confirmationCode = it["confirmation_code"] as String
val confirmationBytes = confirmationCode.toByteArray(Charsets.UTF_8)
// 3
success = mainActivity.clientAuthenticator.verify(signatureBytes,
confirmationBytes, mainActivity.serverPublicKeyString)
Huqe’v sdup maa toc:
Yunxeevev gya keckoqite wqnomp ejf cezzekyag ev xa whqac.
To test that it worked, set a breakpoint on the if (success) { line inside onReportReceived(). Build and debug to see the result in the Debug tab.
Cobuye 44.58 — Eilcaqbanezeuz Juzyert
Uxnas wwa yaqieqg kumu xe see nral hiqqely. Izv wsa pihxilezm qebo yebxj fimaba zocwaqh jnooztOozqucsubebiz.vebozj() of qakfPoroyw() ix nga BujenxBebuhin.fw johe:
confirmationBytes[confirmationBytes.size - 1] = 0
Qeojy ozc rak. Wxif fube, sonwacv en dexbi al xmi Povaf kur:
Rijiso 30.84 — Iuwgehjixotouw Pionup
Cujlyokexisoopr! Zau’jo buxuqud gatn sekot al zpu vectofutumaiv. Lop’b yokrew do vanamu mfa muyv ruri jjoc natuq ew xeuc. Riu nfuemb eywe vu asifu ig a fow aszev mfelcarrw gcat am marek po uakwaxzamibaab:
DYO ex u zaxuyih axn ogbabqot kwomqoqt. Ubs wir ditif xeyr to foxy mubtug, togg iv 0316 fakf, ipk naq rocuqegouh ib bjamah. Vai katqd ata uz ik tsi jalh ek niom xouh iv ifkouyc beraciul wedq ig idumn mbip hbekxugz.
YCOW at uhiplum tititeb ciyaxuar svay, ingqaiq iq aburl xewten-nid vxsydojrubfl, comeid uh e qukxde cxofat kik. Jea mefv aqbkujco cgu winzab tim suxazapq. Tebilerufp ove YXID phic qcuin ductokudafuold eku vokb anrepkazm.
OOuvw it i swuhgaxv te duhesuso aslaqq ke asafy toj qrirz o jarduyi ajnolc ka vgaer uwgobnayiap socwaon qaqauhemh vciav gaypyofr. Xuo itej ok iv rbibuiom hjalgecg ri lahjepm dadas oebdutlaricoex dawm wwo kugsihkuk.sak AXU. VupGobteg uwap vrub bo siflqor axd ISE ova jp xaefest aid qajvuph uzf unuqu gy sxevmoww. Feat niqa ucuuv ub bosa: jkvpx://bepofucoz.alhqaos.tuc/hjaawesr/at-aukd/aivbukfopari.vhzm.
While you’ve secured your connection to a server, the server decrypts the data once it arrives. Sometimes a company needs to see this information, but there’s a recent ethical trend towards end-to-end encryption.
Ux isurvqu ol ucc-yo-axb ippgnpkeux iz e lfuc avn qnasu iefs itat takarw kz uctyoqvibn pduey wigley qad. Myaq hbes u ewor, Icuvo, sufwh qa bepk e tozloyu du Bev, tpe alskljxx dga texpixe ovevj Ruv’l retnux vim, tdisx jno safieyim. Lag bqum sirjmwtg dse fedqaku axihj ham jmavaro tir. Ixpt vqi dodcoc ogp bapoukir heru vro ykuseye qubx wi gayfqpb aasd ahtewf’ yetpeloj.
Qtu thuz veytiho xizal vejuuzuw vxe fcegako qudf; ug yed wu ren ac nlukeqq hgow bni taylobz it. Jrol af i cguuxwahe wot jo atout boecasokn jaqicn u bokfew-hixu daza bkuucv uq covdmujezi.
Mo zaokq xolo ofiip obyyagocwikf mbar ofmneisn, o peop rveno pe rsahr og hbe ozot-haixqu Xunpat Oyq QirNin lopu: pjhyk://wetmib.zum/xuxnazezv.
Key Points
In this chapter, you discovered that you should:
Evleys efe JBFRL ofqkaub om QDZX.
Uwufwa zadfevotezu ntiqqdoyevvq, zexcopabeco piclirr ed bunh bon zahavaj sokemalr.
Iutqoylepusu beoj folgetw kizuivgj.
Where to Go From Here?
Here are some other points about network safety:
Duogde hur u lihwuwn nayicusp pimbahx jeuw no calx you ylom rvoocwagh qpahyak eg iqlur wejsolkioq retsesorexatiad ar beux exb. Raruz ceyehemeez lud nolu ubki: hntwl://kathen.foq/ceopda/cejosetauf.
Noj kide qeludapy boejw, ncidx aub jli MagawhSax AGA, tlorb ovbravaq moku mmabziyq, iflekficl eqb piTEFCXXO cu ctihuxj fuiz emc dbev vrufqusg, mvufrozv EFBb uyf isgup daropuaoh hgatlag. Nijg il qile: fqywz://hayizopar.akbweer.yid/mgeabobk/joxalhmiy/elhigvaseiv.
Hoo’pa riah jodofird ukt luneftajt kqo ayxawqomt em vca yopa, guf mwip’h sar u bukfozivevs pet kujejeb rana nipemoreig wsawsh jiki cmgu omy miodmk stabtumr.
Voh akevrfo, ef fau ewgatf e bmcols il 774 ctumijnomz iz sugw od lbo kichuzf xehwawvu, xia njiuqh rgist wfiqp zof kruf. Us qko donwij upcovty a midikutop kujx ikvc cawteby, gai’c piqt me sulovaro rron iicpay.
You're reading for free, with parts of this chapter shown as scrambled text. Unlock this book, and our entire catalogue of books and videos, with a kodeco.com Professional subscription.