Transport security #
So, your client application communicates with AcraServer/AcraTranslator to encrypt the data. But the communication channel between your app and Acra should be protected!
There are few ways how to create an encrypted channel between client application and AcraServer/AcraTranslator:
-
Just use TLS.
-
Use AcraConnector, a proxy daemon that lives next to your application and securely forwards all requests to AcraServer or AcraTranslator. Useful if you can’t configure strong TLS on application side, or if the app works in a hostile environment.
-
Client-side encryption using AcraWriter, the app is responsible for encrypting the data before it is sent to AcraServer. Technically, it’s not a transport encryption, but an application-layer encryption. The client-side encryption is useful when the app works in a hostile environment, so even if attackers “remove” TLS layer, they can’t inspect transmitted data (because it’s encrypted 8-)).
