Re: Encrypting using RSA private Key



Yes, you should definitely encrypt with the server's public key and sign
with the user's private key. If you were using SSL with client cert auth,
it would just do all this for you. WS-Security could also take care of all
of this as well. If you really want to do it by hand, you might want to
consider packaging the encrypted and signed data using an EnvelopedCms
message, as the underlying PKCS#7 format is designed specifically for
exchanging these types of messages.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Jeronimo Bertran" <jeronimo.bertran@xxxxxxxxxxxxxxxx> wrote in message
news:Xns9A7AB9741F9F4publicjbbertrancom@xxxxxxxxxxxxxxxx
Thanks Joe,

The data that we are transmitting is encrypted using a 3DES key. The key
is encrypted by a user and both the encrypted key and data are sent to a
web service that stores the public keys of all users that can send
information to it.

It made sense to encrypt the 3DES key using the private key but we will
now change the scheme and encrypt the key using the server's public key
and sign with the user's private key.
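
The sign-then-envelope packaging suggested in the reply above, as an added example that is not part of the original thread or either poster's code. It assumes .NET Core 3.0 or later with the System.Security.Cryptography.Pkcs package; the class and method names and the self-signed certificates are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SignThenEnvelope
{
    // Hypothetical helper: constructed throwaway identity; real code loads certificates from a store.
    static X509Certificate2 MakeCert(string subject)
    {
        RSA rsa = RSA.Create(2048); // not disposed here: the returned certificate uses this key
        var req = new CertificateRequest(subject, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
    }
    // Client: sign with the user's private key, then encrypt to the server's public key.
    static byte[] Protect(byte[] data, X509Certificate2 user, X509Certificate2 server)
    {
        var signed = new SignedCms(new ContentInfo(data), detached: false);
        var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, user)
            { IncludeOption = X509IncludeOption.EndCertOnly };
        signed.ComputeSignature(signer);
        // EnvelopedCms generates the symmetric content key and wraps it with the recipient's RSA public key.
        var envelope = new EnvelopedCms(new ContentInfo(signed.Encode()));
        envelope.Encrypt(new CmsRecipient(server));
        return envelope.Encode();
    }
    // Server: decrypt with its own private key, then verify against the stored user certificate.
    static byte[] Unprotect(byte[] message, X509Certificate2 server, X509Certificate2 registeredUser)
    {
        var envelope = new EnvelopedCms();
        envelope.Decode(message);
        using RSA serverKey = server.GetRSAPrivateKey();
        envelope.Decrypt(envelope.RecipientInfos[0], serverKey);
        var signed = new SignedCms();
        signed.Decode(envelope.ContentInfo.Content);
        signed.CheckSignature(verifySignatureOnly: true); // throws CryptographicException if invalid
        // Signature-only verification accepts whatever certificate is embedded, so pin it to the stored one.
        X509Certificate2 signer = signed.SignerInfos[0].Certificate;
        if (signer == null || signer.Thumbprint != registeredUser.Thumbprint)
            throw new CryptographicException("Signer is not the registered user.");
        return signed.ContentInfo.Content;
    }
    static void Main()
    {
        X509Certificate2 user = MakeCert("CN=constructed-user"), server = MakeCert("CN=constructed-server");
        byte[] wire = Protect(Encoding.UTF8.GetBytes("constructed payload"), user, server);
        Console.WriteLine(Encoding.UTF8.GetString(Unprotect(wire, server, user)));
    }
}
```

On the server side, `registeredUser` stands for the certificate the web service already stores for that user; matching the embedded signer against it is what ties a valid signature to a known sender.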


