Re: How to encrypt/decrypt a file



If the clients don't need to decrypt the file at all, then either a server-side private key,
or a DPAPI solution makes sense (but is not portable).
A server-side certificate (with enveloping to THAT certificate) would also be a good
choice and would be portable.
- Mitch

"Henning Krause [MVP]" <newsgroups.remove@xxxxxxxxxxxxxxxxx> wrote in message
news:O3kCJUoMGHA.648@xxxxxxxxxxxxxxxxxxxxxxx
Hello,

I think the OP simply wants to encrypt the xml file to prevent the clients from editing the clear-text
xml files.

A symmetric key is useful here. One could use the DPAPI (ProtectedData class in .NET 2.0). Because
the scenario is in an ASP.NET environment, a machine-wide scope must be used with that API, so
anyone running on the same machine under the same account could decrypt the files. But the clients
could not decrypt it.

Another approach is to create a symmetric key and store it somewhere, like a file or a database
table. The storage must then be secured properly by a strong ACL. So, no bulletproof solution.

I would stick to the ProtectedData API.

Greetings,
Henning

"Mitch Gallant" <jensigner@xxxxxxxxxxxxxxxx> wrote in message
news:eLLw0HoMGHA.1124@xxxxxxxxxxxxxxxxxxxxxxx
That's good! You are then talking about "enveloping" data to the
server.
The OP, if I understand correctly, wanted the file to be encrypted to
each client .. which of course is not addressed by enveloping back to the
server.
If data protection on the wire is important to many users, then SSL makes sense,
potentially with end-user authentication (i.e. possibly user-certificates to validate users).
Perhaps the OP can clarify exactly what the requirements are.
- Mitch

"Eric Johnson" <ej@xxxxxxxxxxxxxxxxx> wrote in message
news:znLIf.53504$vO1.34889@xxxxxxxxxxxxxxxxxxxxxxxxx
Let me clarify... in the code I just completed, the client is actually doing the encryption with
the public key and the server decrypts with the private. I misspoke when trying to explain with
respect to the problem Corey is working with.

Thanks for bringing that to my attention... Corey I apologize for the misstatement.



Mitch Gallant wrote:
"Eric Johnson" <ej@xxxxxxxxxxxxxxxxx> wrote in message
news:qFJIf.22845$6Q3.17878@xxxxxxxxxxxxxxxxxxxxxxxxx
I'm new to this too, in fact I just got done with my first real use of encryption and it
doesn't sound too different from what you are running into. Here's a little about what I
ended up doing, hopefully it'll help.

I created a public/private key pair (RSACryptoServiceProvider) that gets stored in a Key
Container on the server. The client is given the public key so they can decrypt stuff the
server encrypted with its private key.


The public key should be considered exactly that .. PUBLIC ..
If you are expecting that the data is ENCRYPTED with the server's private
key, then this is poor security.
What you are doing (encrypting with server's private key .. decrypting with
corresponding public key on the client) is what digital signature verification is about.
Public keys should be considered completely visible publicly .. therefore, the
encryption scheme you are using is not secure at all (even though you might think
you are protecting the public key for your clients' use only?)

- Mitch Gallant
MVP Security
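
An added illustration of the distinction drawn in this thread (not code from any of the posters): enveloping a file to the server's public key keeps it confidential to the private-key holder, while a private-key operation is a signature that any public-key holder can check. It assumes .NET 8 or later; the names `EnvelopeDemo`, `Seal`, `Open` and the sample XML are constructed for the example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class EnvelopeDemo
{
    // Client side: needs only the server's PUBLIC key (hypothetical helper).
    static (byte[] wrappedKey, byte[] nonce, byte[] tag, byte[] ct) Seal(byte[] serverPublicKey, byte[] plaintext)
    {
        using RSA rsa = RSA.Create();
        rsa.ImportRSAPublicKey(serverPublicKey, out _);
        byte[] key = RandomNumberGenerator.GetBytes(32);    // fresh AES-256 key per file
        byte[] nonce = RandomNumberGenerator.GetBytes(12);  // 96-bit GCM nonce
        byte[] tag = new byte[16];
        byte[] ct = new byte[plaintext.Length];
        using (var aes = new AesGcm(key, 16))
            aes.Encrypt(nonce, plaintext, ct, tag);
        byte[] wrapped = rsa.Encrypt(key, RSAEncryptionPadding.OaepSHA256); // the "envelope"
        CryptographicOperations.ZeroMemory(key);
        return (wrapped, nonce, tag, ct);
    }

    // Server side: only the private-key holder can unwrap the AES key (hypothetical helper).
    static byte[] Open(RSA serverKey, (byte[] wrappedKey, byte[] nonce, byte[] tag, byte[] ct) env)
    {
        byte[] key = serverKey.Decrypt(env.wrappedKey, RSAEncryptionPadding.OaepSHA256);
        byte[] pt = new byte[env.ct.Length];
        using (var aes = new AesGcm(key, 16))
            aes.Decrypt(env.nonce, env.ct, env.tag, pt);    // throws if the ciphertext was altered
        return pt;
    }

    static void Main()
    {
        using RSA server = RSA.Create(2048);                // private key never leaves the server
        byte[] pub = server.ExportRSAPublicKey();           // safe to hand to every client
        byte[] xml = Encoding.UTF8.GetBytes("<settings><limit>10</limit></settings>"); // constructed sample

        var env = Seal(pub, xml);
        Console.WriteLine(Encoding.UTF8.GetString(Open(server, env)));

        // A private-key operation is a signature: it hides nothing, but it lets clients detect edits.
        byte[] sig = server.SignData(xml, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        using RSA client = RSA.Create();
        client.ImportRSAPublicKey(pub, out _);
        xml[20] ^= 1;                                       // simulate a client-side edit of the file
        Console.WriteLine(client.VerifyData(xml, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pss));
    }
}
```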





