Re: Asymetric Encryption - What am I doing wrong?

From: David S. (pleasenospamjustdave2@cox.net)
Date: 04/07/03

    From: "David S." <pleasenospamjustdave2@cox.net>
    Date: Mon, 7 Apr 2003 00:23:00 -0700
    
    

    First I want to say thank you to all who helped guide me on this - it was a
    simple error based on too many late nights staring at the code until it gets
    blurry.

    So anyone else following this problem can see what was done:

    I created a VB.NET application to generate my key set (public and private)
    and saved the results into files called pubkey.txt and privkey.txt

    Here is the code:

    ' Requires: Imports System.Security.Cryptography (at the top of the file)
    ' Generate a public/private key-pair.
    Dim RSA As RSACryptoServiceProvider = New RSACryptoServiceProvider()
    ' Public key: False exports the public parameters only.
    TextBox1.Text = RSA.ToXmlString(False)
    ' Private key: True exports the public and private parameters.
    TextBox2.Text = RSA.ToXmlString(True)

    My error was that I saved the public key twice (I had 'False' on both
    exports). I was so sure I had checked this of course. :-)

    Regarding the security of my solution, (William's Question)

    My web servers use the public key to encrypt sensitive data (cc
    numbers, etc.). They are within a DMZ and can only connect to the SQL server
    that is on a 'protected' network with standard SQL ports (no file access).

    There is NO access from the Internet directly TO the SQL server. This is a
    classic DMZ configuration on my firewall.

    The SQL server actually does the work of processing orders, etc. A SQL
    trigger is fired when a new request is written, and it calls out to the CC
    processor for the transaction and writes the results to the db. The SQL
    server has the private key so that it can unencrypt the data to use it.

    Thanks again for the help,

    David

    "Michel Gallant (MVP)" <neutron@istar.ca> wrote in message
    news:uWMP3kH$CHA.2044@TK2MSFTNGP10.phx.gbl...
    > Exactly!
    > See the warning in the "Asymmetric Keys" section of:
    >
    > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpcongeneratingkeysforencryptiondecryption.asp
    > - Mitch
    >
    > "William Stacey [MVP]" <staceyw@mvps.org> wrote in message
    > news:#tzmQfH$CHA.2208@TK2MSFTNGP12.phx.gbl...
    > > Q - How do you protect a private key in this case, when it is persisted
    > > to a file?
    > >
    > > --
    > > William Stacey, MVP
    > >
    > >
    > > "Etienne Charland" <mystery@golden.net> wrote in message
    > > news:uzk0Y58#CHA.2052@TK2MSFTNGP11.phx.gbl...
    > > > It's easy to put the content of the RSA parameters to a file. You can
    > > > call myRSA.ToXmlString to get all the data in a string (in XML format).
    > > > You put that string in a file. To get it back, you call FromXmlString.
    > > >
    > > > Etienne
    > > >
    > > > "David S." <pleasenospamjustdave2@cox.net> wrote in message
    > > > news:eGigfa8#CHA.1996@TK2MSFTNGP12.phx.gbl...
    > > > > Allen,
    > > > >
    > > > > You are correct. In a previous attempt I found that I had success
    > > > > encrypting and decrypting on the same system.
    > > > >
    > > > > I tried to follow this example:
    > > > > http://www.eggheadcafe.com/articles/20020630.asp
    > > > >
    > > > > And it looks simple enough, but I wonder if there is something more
    > > > > than just the keys that must be exported...
    > > > >
    > > > > I don't see an easy way of writing the entire set of RSA parameters
    > > > > to a file, and I am beginning to think that I am missing a seed value
    > > > > or something that is still in the local keystore.
    > > > >
    > > > > David
    > > > >
    > > > >
    > > > > "Allen Jones" <agj@bigfoot.com> wrote in message
    > > > > news:ORZfhp6#CHA.2704@TK2MSFTNGP11.phx.gbl...
    > > > > > One suggestion.
    > > > > >
    > > > > > Try getting your system working by persisting your asymmetric keys
    > > > > > to a CSP key container using the CspParameters class.
    > > > > >
    > > > > > At least then you can determine if it is how you are storing and
    > > > > > retrieving your keys.
    > > > > >
    > > > > > Regards
    > > > > > Allen
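
The export mistake described in this message, as an added example that is not part of the original post or of any poster's code: it checks each exported XML string with the `PublicOnly` property before the files are deployed, then shows that decryption fails with a public-only key and succeeds with the full key pair. The module name, the `HasPrivateKey` helper, the 2048-bit key size and the sample plaintext are assumptions made for illustration.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module KeyExportCheck
    ' Hypothetical helper: True when the XML from ToXmlString holds private parameters.
    Function HasPrivateKey(keyXml As String) As Boolean
        Using rsa As New RSACryptoServiceProvider()
            rsa.FromXmlString(keyXml)
            Return Not rsa.PublicOnly
        End Using
    End Function

    Sub Main()
        Dim pubXml As String = Nothing
        Dim privXml As String = Nothing
        Using gen As New RSACryptoServiceProvider(2048)
            pubXml = gen.ToXmlString(False)   ' pubkey.txt: goes to the encrypting hosts
            privXml = gen.ToXmlString(True)   ' privkey.txt: stays on the decrypting host
        End Using

        ' Pre-deployment check: expected False for pubkey, True for privkey.
        Console.WriteLine("pubkey has private parameters:  " & HasPrivateKey(pubXml))
        Console.WriteLine("privkey has private parameters: " & HasPrivateKey(privXml))

        ' Encrypting side: only the public key is loaded.
        Dim cipher As Byte()
        Using enc As New RSACryptoServiceProvider()
            enc.FromXmlString(pubXml)
            cipher = enc.Encrypt(Encoding.UTF8.GetBytes("constructed sample value"), True)
        End Using

        Using dec As New RSACryptoServiceProvider()
            ' The mistake from the post: the "private" file actually held the public key.
            dec.FromXmlString(pubXml)
            Try
                dec.Decrypt(cipher, True)
            Catch ex As CryptographicException
                Console.WriteLine("decrypt with public-only key failed: " & ex.GetType().Name)
            End Try

            ' With the real private key the round trip succeeds.
            dec.FromXmlString(privXml)
            Console.WriteLine(Encoding.UTF8.GetString(dec.Decrypt(cipher, True)))
        End Using
    End Sub
End Module
```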

