Re: Encrypting using RSA private Key
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 8 Apr 2008 21:16:42 -0500
Yes, you should definitely encrypt with the server's public key and sign
with the user's private key. If you were using SSL with client cert auth,
it would just do all this for you. WS-Security could also take care of all
of this as well. If you really want to do it by hand, you might want to
consider packaging the encrypted and signed data using an EnvelopedCms
message, as the underlying PKCS#7 format is designed specifically for
exchanging these types of messages.
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
"Jeronimo Bertran" <jeronimo.bertran@xxxxxxxxxxxxxxxx> wrote in message
The data that we are transmitting is encrypted using a 3DES key. The key
is encrypted by a user and both the encrypted key and data are sent to a
web service that stores the public keys of all users that can send
information to it.
It made sense to encrypt the 3DES key using the private key, but we will
change the scheme and encrypt the key using the server's public key and
sign it with the user's private key.
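
The flow recommended in this thread (sign with the user's private key, encrypt to the server's public key, package as CMS/PKCS#7), as an added C# example that is not code from either poster. It assumes .NET Core 3.0 or later; the throwaway self-signed certificates, the helper names and the AES-256 content cipher are this example's own choices.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;
static class SignThenEnvelopeDemo
{
    // Constructed throwaway identity; a real client and server load certificates from a store.
    static X509Certificate2 MakeCert(string cn, RSA key)
    {
        var req = new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
    }
    // Client: sign with the user's private key, then encrypt to the server's public key.
    static byte[] Protect(byte[] data, X509Certificate2 userCert, X509Certificate2 serverCert)
    {
        var signed = new SignedCms(new ContentInfo(data));
        signed.ComputeSignature(new CmsSigner(userCert) { IncludeOption = X509IncludeOption.EndCertOnly });
        // AES-256-CBC content encryption (an assumption of this example; the thread's scheme used 3DES).
        var aes256 = new AlgorithmIdentifier(new Oid("2.16.840.1.101.3.4.1.42"));
        var envelope = new EnvelopedCms(new ContentInfo(signed.Encode()), aes256);
        envelope.Encrypt(new CmsRecipient(serverCert)); // only the certificate's public key is used here
        return envelope.Encode();
    }
    // Server: decrypt with its private key, verify the signature, require a registered signer.
    static byte[] Unprotect(byte[] message, RSA serverKey, X509Certificate2Collection registeredUsers)
    {
        var envelope = new EnvelopedCms();
        envelope.Decode(message);
        envelope.Decrypt(envelope.RecipientInfos[0], serverKey);
        var signed = new SignedCms();
        signed.Decode(envelope.ContentInfo.Content);
        signed.CheckSignature(registeredUsers, true); // throws CryptographicException on a bad signature
        X509Certificate2 signer = signed.SignerInfos[0].Certificate;
        if (signer == null || !registeredUsers.Cast<X509Certificate2>().Any(c => c.RawData.SequenceEqual(signer.RawData)))
            throw new CryptographicException("Signer is not a registered user.");
        return signed.ContentInfo.Content;
    }
    static void Main()
    {
        using RSA userKey = RSA.Create(2048), serverKey = RSA.Create(2048);
        X509Certificate2 userCert = MakeCert("demo-user", userKey);
        X509Certificate2 serverCert = MakeCert("demo-server", serverKey);
        byte[] wire = Protect(Encoding.UTF8.GetBytes("constructed sample payload"), userCert, serverCert);
        byte[] plain = Unprotect(wire, serverKey, new X509Certificate2Collection(userCert));
        Console.WriteLine(Encoding.UTF8.GetString(plain));
    }
}
```

Trust in the sender comes from matching the signer against the certificates the service already has registered, not from the certificate carried inside the message.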