At the moment, the rat's communication, although using HTTPS, the results and the details of the job are visible to everyone.
It would be ideal to have a way of encrypting the job as well as the result of the job so that only the agent, client, and server can see the commands and results.
At the moment, an implementation of asymmetric encryption along with signature validation has been implemented in the encryption branch. However, I have a very specific issue:
- When I send a job to the agent, I get an error that the signature is not valid.
I have tried to trace the signature validation steps in the software, but I am not able to pinpoint where the error originates.
I think that it is likely in the key generation or exchange step, but I am not sure.
If you can give this a look, it will be very much welcome.
At the moment, the rat's communication, although using HTTPS, the results and the details of the job are visible to everyone.
It would be ideal to have a way of encrypting the job as well as the result of the job so that only the agent, client, and server can see the commands and results.
At the moment, an implementation of asymmetric encryption along with signature validation has been implemented in the
encryptionbranch. However, I have a very specific issue:I have tried to trace the signature validation steps in the software, but I am not able to pinpoint where the error originates.
I think that it is likely in the key generation or exchange step, but I am not sure.
If you can give this a look, it will be very much welcome.