Re: How to encrypt/decrypt a file

I'm new to this to, in fact I just got done with my first real use of encryption and it doesn't sound too different from what you are running into. Here's a little about what I ended up doing, hopefully it'll help.

I created a public/private key pair (RSACryptoServiceProvider) that gets stored in a Key Container on the server. The client is given the public key so they can decrypt stuff the server encrypted with its private key.

When it comes time to actually perform the encryption (on the server, lets say), the server uses a symmetric (one key) algorithm to actually encrypt the target data. This is because public key encryption isn't intended for large data blocks. A problem now arises when using symmetric encryption - how/where do you store that key securely? The answer is... nowhere, you send it along with the encrypted data.

But now we're sending the key along with the data to be unencrypted? Yes, and this is where the public key encryption comes in. The server uses its private key to encrypt the symmetric key that was used to do the bulk encryption (your file).

The client then uses the server's public key to unencrypt the symmetric key (it takes the first X bytes off of the data stream). Once the symmetric key is obtained, the remainder of the data can be fully unencrypted.

It sounds a little overwhelming, but it really isn't hard to work with. I think the hardest part is all of the various terms that get thrown around in the documentation and various articles.

Here's the article that I read (code also available) that really helped me get a handle on it http://msdn.microsoft.com/msdnmag/issues/06/01/SecurityBriefs/


Eric

corey.burnett@xxxxxxxxx wrote:
I have a web application that allows users to download their data to a
file on their computer. Then at a later time they can upload the file
back to the web server and continue working. The file is in XML
format. I want to find a simple way to encrypt the file before I
stream it down to their computer. Then at a later time I will need to
decrypt it when they re-upload it. The user's do not have any type of
account on the server so I am assuming that I will need to use the same
key information for every file that I encrypt. I have done quite a bit
of reading on MSDN about cryptography and still can not make heads or
tails of it. All of the examples that I have seen seem to generate the
key on the fly every time. I need a solution where I store the key
somewhere on the server so that I can use it every time I need to
encrypt a file.

Can anyone point me to a simple example of how to encrypt a file using
a key stored somewhere on the server?

Thanks,
Corey

.

Relevant Pages