Re: RSACryptoServiceProvider Question
- From: "John Wright" <riley_wrightx@xxxxxxxxxxx>
- Date: Fri, 29 Jun 2007 07:41:22 -0600
What I am trying to do is similar to what you suggest. The only reason to
use the Public Key is for the client to encrypt the password and
intitialization vector for a symmetric encryption and pass it back with the
encrypted payload to the server. The server would then decrypt the password
and IV with the private key and use the password and IV to decrypt the
payload. The problem I am having is getting the server to decrypt the
encrypted passwords with the private key.
John
"The Frog" <Mr.Frog.to.you@xxxxxxxxxxxxxx> wrote in message
news:1183102676.210296.99080@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi John,
If I understand you correctly, you want to take the certificate,
distribute the public key, and then use asymmetric encryption for the
safeguarding of transferred information.
Can I make a suggestion? I would approach the problem just a little
differently. Asymmetric encryption is very processor intensive, and as
such slower to encrypt and decrypt than symmetric. To achieve the same
levels of encryption / safety you also would need much larger keys for
asymmetric than you would for symmetric. So what I would suggest is
this:
1/ Distribute your public key far and wide - or use a service as sa
key provider to get around the key distribution problem.
2/ Settle on a standard of Symmetric encyption to use for the actual
data payload
3/ Generate a unique (one-time) passphrase and temporarily store it
(in memory not on the hard drive)
4/ Use the appropriate key (if you are the source then the private
key) to encrypt a copy of the one-time passphrase and store this
encrypted passphrase in memory (again not on the hard drive)
5/ Take you message that you wish to transfer, and encrypt it with a
symmetric algorithm, such as AES, with the passphrase (unencrypted
version of the passphrase)
6/ Store the encrypted message somewhere (hard drive is okay for this)
7/ Attach the encrypted passphrase to the message, in a way that you
are able to separate out the encrypted key later for retreival.
8/ I would also suggest generating an MD5 hash for the unencrypted
message so that you can verify that the message is decrypted properly
at the other end, and attach this to the encrypted message as well in
such a way that it can be separated.
9/ Send the encypted message + encrypted passphrase + MD5 to the
recipient
10/ At the other end reverse the process (ie/ use public key to
decrypt the passphrase, then use passphrase to decrypt the message,
then check the message against the MD5 hash to see that it is correct.
You can find a simple and clean example of .net cryptography for the
AES algorithm here:
http://www.codeproject.com/dotnet/EncryptFile.asp
It should give you most all of what you need to get the job done.
I hope this points you in the right direction
Cheers
The Frog
.
- References:
- RSACryptoServiceProvider Question
- From: John Wright
- Re: RSACryptoServiceProvider Question
- From: The Frog
- RSACryptoServiceProvider Question
- Prev by Date: Re: Class declaration
- Next by Date: Re: How come this doesn't cause an endless loop?
- Previous by thread: Re: RSACryptoServiceProvider Question
- Next by thread: Re: RSACryptoServiceProvider Question
- Index(es):
Relevant Pages
|
