Encryption Problem using X509Certificates in Citrix Environment

From: Sandeep Thammadi (Thammadi_at_discussions.microsoft.com)
Date: 05/05/05


Date: Thu, 5 May 2005 00:00:01 -0700

Brief: I am working on an enhancement for our product. We need to integrate
a Document Management System with our product. The DMS works in a Citrix
environment, which has Server and Client components, which our product needs
to use for communication between the Citrix server (where our application is
published) and the client (where we run our application from, using a seamless
Citrix connection).

We are supposed to encrypt some data on the Citrix server and pass it to
the Citrix client, for which we have developed an encryption component. This
component uses RSACryptoServiceProvider's encryption using certificates.
The following is the code for encryption:

// Requires: using System.Security.Cryptography; using System.Text;

// Convert the data that we wish to encrypt into a byte array
byte[] bytDataToEncrypt = ASCIIEncoding.ASCII.GetBytes(strDataToEncrypt);

// Get the RSA parameters from the certificate - since we
// are encrypting using the public keys in the certificate
// we pass the false parameter so that the private keys are not exported
RSAParameters objPublicKey = objCertificate.PublicKey.ExportParameters(false);

// Create the crypto service to use for the encryption
RSACryptoServiceProvider objRSA = new RSACryptoServiceProvider();

// Use the previously obtained RSA parameters
// (where objPublicKey is the encrypting certificate object)
objRSA.ImportParameters(objPublicKey);

// Perform the encryption
byte[] bytEncryptedData = objRSA.Encrypt(bytDataToEncrypt, false);

// If the encrypted data is not null
string strEncryptedData;
if (bytEncryptedData != null)
        // Convert the encrypted byte data to hex
        strEncryptedData = ConvertByteToHex(bytEncryptedData);
else
        strEncryptedData = string.Empty;

return strEncryptedData;

The encryption component successfully finds the encryption certificate. But
while creating an RSACryptoServiceProvider object I get the following error:
"Crypto API cryptographic service provider (CSP) for this implementation
could not be acquired".

After finding an article about the above error on the web, I made the
following changes to the above code:

// Create the crypto service to use for the encryption
CspParameters CSPParam = new CspParameters();
CSPParam.Flags = CspProviderFlags.UseMachineKeyStore;
objRSA = new RSACryptoServiceProvider(CSPParam);

I also gave “Full Control” permissions on the following path to the “ANONYMOUS
LOGON” user on the Citrix server machine:
“C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys”

I then got the following error:
“Access Denied”

Later I gave “Full Control” permissions on the above path to the “EVERYONE” user.
Then the encryption part worked fine. But when this encrypted data is passed
from the Citrix server by the DMS server component to the Citrix client, the DMS
client component on the Citrix client is not able to decrypt the data. It gives
the following error:
"Error decrypting: The total input data is not a multiple of block size. The
block size is: 128"

I guess that there might be some problem with access rights for “ANONYMOUS
LOGON” user or usage of CspParameters. I also tried to know more about the
error by using the File and Registry Monitoring tools available at
www.sysinternals.com. But I am not able to find out where the exact problem
lies.
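
A length check for the decrypting side, as an added example that is not part of the original post or of the DMS product: it hex-encodes an RSA ciphertext, decodes it again, and refuses to decrypt unless the result is exactly one RSA block. Assumptions: a 1024-bit key (whose ciphertext is always 128 bytes, the block size named in the error), a constructed key pair in place of the certificate, and hypothetical helpers ToHex, FromHex and DecryptChecked standing in for ConvertByteToHex and its inverse.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class RsaHexTransportCheck
{
    // Hypothetical stand-in for the post's ConvertByteToHex helper.
    static string ToHex(byte[] data)
    {
        StringBuilder sb = new StringBuilder(data.Length * 2);
        foreach (byte b in data) sb.Append(b.ToString("x2")); // "x2" keeps leading zeros
        return sb.ToString();
    }

    static byte[] FromHex(string hex)
    {
        if (hex.Length % 2 != 0)
            throw new FormatException("Odd number of hex digits: " + hex.Length);
        byte[] data = new byte[hex.Length / 2];
        for (int i = 0; i < data.Length; i++)
            data[i] = Convert.ToByte(hex.Substring(i * 2, 2), 16);
        return data;
    }

    // Refuse to decrypt unless the payload is exactly one RSA block (KeySize / 8 bytes).
    static byte[] DecryptChecked(RSACryptoServiceProvider rsa, string hex)
    {
        byte[] cipher = FromHex(hex);
        int blockSize = rsa.KeySize / 8;
        if (cipher.Length != blockSize)
            throw new CryptographicException("Received " + cipher.Length + " bytes, expected " + blockSize);
        return rsa.Decrypt(cipher, false); // false = PKCS#1 v1.5, matching Encrypt(data, false)
    }

    static void Main()
    {
        // Constructed 1024-bit key pair standing in for the certificate's keys.
        using (RSACryptoServiceProvider receiver = new RSACryptoServiceProvider(1024))
        using (RSACryptoServiceProvider sender = new RSACryptoServiceProvider())
        {
            sender.ImportParameters(receiver.ExportParameters(false)); // public half only
            byte[] plain = Encoding.ASCII.GetBytes("constructed sample data");
            string hex = ToHex(sender.Encrypt(plain, false));
            Console.WriteLine(Encoding.ASCII.GetString(DecryptChecked(receiver, hex)));
            try { DecryptChecked(receiver, hex.Substring(2)); } // simulate one byte lost in transit
            catch (CryptographicException e) { Console.WriteLine("rejected: " + e.Message); }
        }
    }
}
```

Logging the byte count on both sides of the Citrix channel shows whether the payload changed in transit before any key or permission issue is suspected.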


