X509Certificate hell!

From: Sebastien Garrioch via .NET 247 (anonymous_at_dotnet247.com)
Date: 08/04/04


Date: Wed, 04 Aug 2004 05:29:34 -0700

Hi,

I am trying to secure connections to our SQL cluster and want to use an encrypted connection string. I have issued a certificate from my test CA (Microsoft CA) to my test web server. It's a standard server authentication certificate that can be used for SSL. I have installed WSE 2.0.

Goal:

Use a digital certificate from my local machine store to encrypt/decrypt the connection string. Once the data is encrypted, a hash must be generated and signed.

Method:

1. Encrypt the connection string and store this in the Windows registry in a binary value using the certificate public key.
Code:

NB: All vars are byte[] if not declared

using System.Security.Cryptography;
using System.Text;
using Microsoft.Web.Services2.Security.X509; // WSE 2.0 X509Certificate (has the .Key property used below)

X509Certificate cert = // Cert x from store
// Export only the public half of the certificate's key; that is all encryption needs.
RSAParameters lockConn = cert.Key.ExportParameters(false);
// Prepare to encrypt the connection string.
// Instantiate the cryptographic service provider (RSA).
RSACryptoServiceProvider csp = new RSACryptoServiceProvider();
// Set the algorithm parameters, encryption key, length, etc.
// lockConn received these parameters above.
csp.ImportParameters(lockConn);
// Convert the connection string to an array of bytes.
// Convert from standard ASCII characters to their corresponding bytes.
byte[] clearConn = ASCIIEncoding.ASCII.GetBytes("SQL Connection String");
// Encrypt the SQL connection string (second argument false = PKCS#1 v1.5 padding, not OAEP)
byte[] cipherConn = csp.Encrypt(clearConn, false);
// Code to write to reg which works just fine...

2. Generate a SHA1 hash of the cipher
Code:

SHA1Managed sm = new SHA1Managed();
// Hash the ciphertext; this 20-byte value is what gets signed in step 3.
byte[] hash = sm.ComputeHash(cipherConn);

3. Sign the hash (it dies here with an OID unknown exception)
Code:

// The formatter must be given the certificate's PRIVATE key to be able to sign.
RSAPKCS1SignatureFormatter sf = new RSAPKCS1SignatureFormatter(cert.Key);
sf.SetHashAlgorithm("SHA1");
// CreateSignature takes the hash from step 2, not the ciphertext itself.
byte[] signature = sf.CreateSignature(hash);

I have searched everywhere and can't figure out why it dies. Also when I try to reverse the encryption using the private key it dies. I am really pulling my hair out with this one, can anyone help?

Thanks,
Seb

-----------------------
Posted by a user from .NET 247 (http://www.dotnet247.com/)
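As an added example (not the poster's code), the same encrypt, hash, sign sequence and its reverse, written against plain System.Security.Cryptography rather than the WSE 2.0 X509Certificate wrapper. An RSA key pair generated in the program stands in for the store certificate's key, and the class and method names are my own.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: encrypt with the public key, hash the ciphertext, sign the hash with
// the private key, then verify and decrypt. A generated RSA key pair replaces the
// certificate's key; with a store certificate, privateRsa would be its private key.
public static class ConnStringProtector
{
    public sealed class Protected { public byte[] Cipher; public byte[] Signature; }

    public static Protected Protect(string connString, RSACryptoServiceProvider privateRsa)
    {
        // Public-only copy of the key, as the post does with ExportParameters(false).
        var publicRsa = new RSACryptoServiceProvider();
        publicRsa.ImportParameters(privateRsa.ExportParameters(false));

        byte[] cipher = publicRsa.Encrypt(Encoding.UTF8.GetBytes(connString), false); // PKCS#1 v1.5, as in the post
        byte[] hash = new SHA1Managed().ComputeHash(cipher);

        var formatter = new RSAPKCS1SignatureFormatter(privateRsa); // signing needs the PRIVATE key
        formatter.SetHashAlgorithm("SHA1");
        byte[] signature = formatter.CreateSignature(hash);        // sign the hash, not the ciphertext

        return new Protected { Cipher = cipher, Signature = signature };
    }

    // Verify the signature over the ciphertext's hash before decrypting with the private key.
    public static string Unprotect(Protected p, RSACryptoServiceProvider privateRsa)
    {
        byte[] hash = new SHA1Managed().ComputeHash(p.Cipher);
        var deformatter = new RSAPKCS1SignatureDeformatter(privateRsa);
        deformatter.SetHashAlgorithm("SHA1");
        if (!deformatter.VerifySignature(hash, p.Signature))
            throw new CryptographicException("stored ciphertext failed signature check");

        return Encoding.UTF8.GetString(privateRsa.Decrypt(p.Cipher, false));
    }

    public static void Main()
    {
        using (var rsa = new RSACryptoServiceProvider(2048)) // constructed stand-in for cert.Key
        {
            Protected p = Protect("Server=sqlcluster;Database=app;Integrated Security=SSPI", rsa);
            Console.WriteLine(Unprotect(p, rsa)); // prints the original connection string
        }
    }
}
```

The signature is made and checked with the same key that decrypts, so both halves need private-key access on the web server; what the check buys is detecting a registry value that was replaced or altered by anyone who does not hold that private key.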
