Newbie question

---

• From: "Jason" <JasonJason@xxxxxxxxxxxxx>
• Date: Thu, 10 May 2007 15:06:50 -0700

---

OK, go easy, I'm a crypto-newbie, and also not sure if this is the right
group for this posting.

Here's the scenario:

I have a web site and want business partners to be able to link to my web
site from theirs, so I provide them the html syntax they can put on their
site to link to an .aspx page on mine.

If a user is signed on their site, I want that user to be signed on on my
site, so these corporate partners also have the option of sending additional
information in the querystring of this link that relays information about
the user currently logged in at their site (user id, name, etc.).

e.g. href='http://www.abc.com/target.aspx?id=123456&username=jason'

I want this information to be encrypted so it is secure

e.g. href='http://www.abc.com/target.aspx?id=h5gv2k&username=e6fy1'

When my target.aspx page gets the request, I can look for the querystring
parameters (username, id, etc.), decrypt the values, and take some action.

Here's my approach:

After doing some reading, it seems like public-key encryption is the way to
go. I would provide a public key for each corporate partner to use for
encrypting these values, and retain a private key for each partner that I
could use to decrypt the data in the code behind my target.aspx page.

To do this, I'd use either the DSACryptoServiceProvider class or the
RSACryptoServiceProvider class.

So I have some questions:

1. Will my corporate partners be able to encrypt their data using the RSA
(or DSA) library of their choosing?

2. Must they use the same certain version to encrypt the text as I'll be
using to decrypt the text? A platform-specific version?

3. Which of these is the better choice?

4. Any gotchas I should be aware of (certificates that need to be installed
on the server, etc.)?

and finally, to keep an open mind,

5. Is there a better way to solve this need?


TIA,

/jason


.

---

• Follow-Ups:
  • Re: Newbie question
    • From: Joe Kaplan

• Prev by Date: Re: Accessing certificate store from ASP.NET web project
• Next by Date: Re: Newbie question
• Previous by thread: Accessing certificate store from ASP.NET web project
• Next by thread: Re: Newbie question
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: encryption ... > We need to do user/password validation for a web site from a file on a d3 ... I know how to encrypt a password in D3 but would like to encrypt ... ** Encrypt and decrypt a string using a seed. ... ** assign the encrypt/decrypt multiplier ... (comp.databases.pick) Re: First time encrypter - advise please ... IŽll try the web site you suggested because 100 dollars is a lot of ... >> I only need software to encrypt documents on my harddrive. ... >PGP is a good choice, including PGPDisk if you want to encrypt a whole ... there are some organizations like the Crypto Rights foundation ... (sci.crypt) Best Practices Question #3 ... I am deploying a new asp.net web site on IIS. ... I want to encrypt my database connection strings... ... (microsoft.public.dotnet.framework.aspnet) Can web site data be protected from access by the webmasters? ... One of my client's was interested in a web site and has contracted with someone to do it. ... The person doing the site for the client is in the same industry as the client's. ... A "secure" web site uses HTTPS/SSL encrypt the HTTP messages to and from the server ... (microsoft.public.sqlserver.security) Re: Can web site data be protected from access by the webmasters? ... > I have advised the client to be wary of security. ... > I replied "Who ever has control over the web site has access to all the ... > Does anyone know of any way that a web site with SQL Server DB can be made ... > But I don't see that there could be any way to completely encrypt that ... (microsoft.public.sqlserver.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)