I want to post some login information to my server, however, as I have found out using openssl is out of the question. I wanted to see how other people had got over this issue. I know that for me it is a small project and that the likely hood of someone wanting to attack my system is small to non-existent, however, this is a learning exercise for me so I want to get a solid implementation that I can then work with in the future.
The idea that I had was to encrypt the data with the library by MarkT found here: http://forum.arduino.cc/index.php/topic,88890.0.html and then the Arduino and the php server would know the same key (hardcoded into both(This I guess is another security issue)) so the php server could decrypt it, however, if someone captured the message sent by the arduino they could repeat it which would make the project vulnerable. I would plan on using many arduino's not just one. I wonder the thoughts on adding a digital signature to the post.
Obviously being able use the public key would be best, however, I don't want to use the Arduino Yun or have to go to a raspberry pi to achieve this so that is out of the question. I am using a Mega 2560.