Re: How to encrypt/decrypt a file



Hello,

I think the OP simply wants to encrypt the xml file to prevent the clients
from editing the clear-text xml files.

A symmetric key is useful here. One could use the DPAPI (ProtectedData class
in .NET 2.0). Because the scenario is in an ASP.NET environment, a
machine-wide scope must be used with that API, so anyone running on the same
machine under the same account could decrypt the files. But the clients
could not decrypt it.

Another approach is to create a symmetric key and store it somewhere, like a
file or a database table. The storage must then be secured properly by a
strong ACL. So, no bulletproof solution.

I would stick to the ProtectedData API.

Greetings,
Henning

"Mitch Gallant" <jensigner@xxxxxxxxxxxxxxxx> wrote in message
news:eLLw0HoMGHA.1124@xxxxxxxxxxxxxxxxxxxxxxx
That's good! You are then talking about "enveloping" data to the
server.
The OP if I understand correctly, wanted the file to be encrypted to
each client .. which of course is not addressed by enveloping back to the
server.
If data protection on the wire is important to many users, then SSL makes
sense, potentially with end-user authentication (i.e. possibly
user-certificates to validate users).
Perhaps the OP can clarify exactly what the requirements are.
- Mitch

"Eric Johnson" <ej@xxxxxxxxxxxxxxxxx> wrote in message
news:znLIf.53504$vO1.34889@xxxxxxxxxxxxxxxxxxxxxxxxx
Let me clarify... in the code I just completed, the client is actually
doing the encryption with the public key and the server decrypts with the
private. I misspoke when trying to explain with respect to the problem
Corey is working with.

Thanks for bringing that to my attention... Corey I apologize for the
misstatement.



Mitch Gallant wrote:
"Eric Johnson" <ej@xxxxxxxxxxxxxxxxx> wrote in message
news:qFJIf.22845$6Q3.17878@xxxxxxxxxxxxxxxxxxxxxxxxx
I'm new to this too, in fact I just got done with my first real use of
encryption and it doesn't sound too different from what you are running
into. Here's a little about what I ended up doing, hopefully it'll
help.

I created a public/private key pair (RSACryptoServiceProvider) that
gets stored in a Key Container on the server. The client is given the
public key so they can decrypt stuff the server encrypted with its
private key.


The public key should be considered exactly that .. PUBLIC ..
If you are expecting that the data is ENCRYPTED with the server's private
key, then this is poor security.
What you are doing (encrypting with server's private key .. decrypting
with corresponding public key on the client) is what digital signature
verification is about.
Public keys should be considered completely visible publicly ..
therefore, the encryption scheme you are using is not sure at all (even
though you might think you are protecting the public key for your clients
use only?)

- Mitch Gallant
MVP Security
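
The ProtectedData approach suggested at the top of this message, as an added example that is not code from any poster in the thread: it protects an XML file with the machine-wide DPAPI scope and shows that a modified blob is rejected on load. The class name, file name, sample XML and entropy value are assumptions made for the illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography; // ProtectedData; reference System.Security.dll on .NET Framework
using System.Text;

static class XmlFileProtector // hypothetical helper, not from the thread
{
    // Assumption: application-specific secondary entropy (constructed value).
    // It is not a key on its own, but a caller must supply the same bytes to unprotect.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("constructed-sample-entropy");

    public static void Save(string path, string xml)
    {
        // LocalMachine scope: the blob can only be unprotected on this machine,
        // but by any process there that knows the entropy, so the file still needs an ACL.
        byte[] blob = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(xml), Entropy, DataProtectionScope.LocalMachine);
        File.WriteAllBytes(path, blob);
    }

    // Returns null when the blob was modified or was protected on another machine.
    public static string Load(string path)
    {
        try
        {
            byte[] clear = ProtectedData.Unprotect(
                File.ReadAllBytes(path), Entropy, DataProtectionScope.LocalMachine);
            return Encoding.UTF8.GetString(clear);
        }
        catch (CryptographicException)
        {
            return null; // integrity check failed or wrong machine/entropy
        }
    }

    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "settings.xml.dpapi"); // hypothetical file
        Save(path, "<settings><limit>10</limit></settings>");                 // constructed sample
        Console.WriteLine(Load(path) != null ? "round trip ok" : "round trip failed");

        // Simulate an edit of the stored file: flip one byte of the protected blob.
        byte[] blob = File.ReadAllBytes(path);
        blob[blob.Length - 1] ^= 0xFF;
        File.WriteAllBytes(path, blob);
        Console.WriteLine(Load(path) == null ? "tampering rejected" : "tampering NOT detected");
        File.Delete(path);
    }
}
```

DPAPI is Windows-only; on current .NET the class ships in the System.Security.Cryptography.ProtectedData package.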



