
Where to store a private key


DevonTaig

Programmer
May 2, 2001
73
US
I am trying to create a class that will encode and decode a string using System.Security.Cryptography.RijndaelManaged (although I would be willing to use any methodology that is relatively secure). To perform the encoding, both the sender and receiver of the encrypted message must have access to a secret private key. There is a sample in the documentation that shows how to do this, but the sample encrypts and decrypts the message in the same procedure, and the code to decrypt the message uses the same variable referencing the key as the encrypting code does. Of course, in a real application this wouldn't occur (the receiver of the message might be on a totally different machine). How and where should I store the private key? Do you just hard code it into the code? Wouldn't that be visible via ildasm.exe?
 
I give you here an example from which you can find a solution, but there are other ways.
Let "compress" be an application which compresses and encrypts files.
Let "decompress" be the application on the other side which decompresses and decrypts the files encrypted by the compress application.
A file is compressed and encrypted on machine1 and sent via FTP to machine2.
On machine2 the file should be decrypted and decompressed.
The encryption algorithm uses a private key like the one you are looking for.
How is the encryption key managed?
The solution is to have a separate KeyManagement application whose purpose is to create and manage the private key at a given level, for instance the enterprise level.
For a client that wants to use the above "compress" to encrypt a file, that client must obtain from the KeyManagement a file which contains that private key (also encrypted); let's name it "keyfile".
The KeyManagement generates "keyfiles" and distributes these files to the clients (in this case the clients of "compress" and "decompress").
When encrypting, the "compress" application reads the "keyfile", decrypts the private key and performs the encryption.
On the other hand, when decrypting, the same "keyfile" should be obtained; "decompress" reads it, gets the private key and uses this key in the decryption process.
As you can see, for the project P1, KeyManagement generates a "keyfile" and distributes it. The users of this "keyfile" do not need to know the private key. The private key is known only by the KeyManagement. If the "keyfile" is lost then the KeyManagement will provide the same "keyfile" for the P1 project again.
You have to implement a KeyManagement application to generate encrypted private keys. Your C# application needs to read that "keyfile" to extract the private key before performing any encryption.
Another application that receives something encrypted should have the same "keyfile" obtained from the KeyManagement, extract the private key and use it when decrypting.
Hope this example will help you to find a design.
-obislavu-


 
If you want to use public/private key encryption (RSA), the sender of data would encrypt the data using a public key (which can only encrypt) and the server or receiver of the data would be able to decrypt the data using the private key. Using this method you can distribute the public key as long as you protect the private key (on your server).

I have written a class for this that you could look at:
This may not be a complete solution and it may not suit your needs, but if it helps... have at it.

In the past, where I required clients to submit encrypted data, I have provided a web service that does the encryption, which is another way that you can control the keys.
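Quamtar's public/private-key suggestion written out as an added example (not code from the thread or from either poster): the sender holds only the receiver's public key, so its binary contains nothing worth recovering with ildasm, and the receiver keeps the private key on its own machine. Because RSA can only encrypt a few hundred bytes, the example generalises to the usual hybrid form, a fresh random AES key per message wrapped with RSA-OAEP. It assumes .NET 6 or later, uses Aes.Create() in place of the now-obsolete RijndaelManaged, and the message layout (length-prefixed wrapped key, IV, ciphertext) is this example's own.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
// Added example: hybrid RSA + AES. The sender needs only the receiver's public
// key; the receiver's private key never leaves the receiving machine.
public static class HybridCrypto
{
    // Output layout (this example's own): int32 length || RSA-wrapped AES key
    // || 16-byte IV || AES-CBC/PKCS7 ciphertext.
    public static byte[] Encrypt(RSA receiverPublic, byte[] plaintext)
    {
        using var aes = Aes.Create();            // AES is the standardised Rijndael
        aes.GenerateKey();                       // random 256-bit key, one per message
        aes.GenerateIV();
        byte[] wrappedKey = receiverPublic.Encrypt(aes.Key, RSAEncryptionPadding.OaepSHA256);
        byte[] body = aes.CreateEncryptor().TransformFinalBlock(plaintext, 0, plaintext.Length);
        using var ms = new MemoryStream();
        using var w = new BinaryWriter(ms);
        w.Write(wrappedKey.Length); w.Write(wrappedKey);
        w.Write(aes.IV);
        w.Write(body);
        w.Flush();
        return ms.ToArray();
    }

    public static byte[] Decrypt(RSA receiverPrivate, byte[] message)
    {
        using var r = new BinaryReader(new MemoryStream(message));
        byte[] wrappedKey = r.ReadBytes(r.ReadInt32());
        byte[] iv = r.ReadBytes(16);
        byte[] body = r.ReadBytes(message.Length - 4 - wrappedKey.Length - 16);
        using var aes = Aes.Create();
        aes.Key = receiverPrivate.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);
        aes.IV = iv;
        // CBC gives confidentiality only; add an HMAC or use AesGcm if tampering matters.
        return aes.CreateDecryptor().TransformFinalBlock(body, 0, body.Length);
    }

    public static void Main()
    {
        // Receiver generates the pair once and keeps the private half in a file or
        // key container only the receiving service account can read; the sender
        // gets just the public parameters.
        using RSA receiver = RSA.Create(2048);
        using RSA senderView = RSA.Create();
        senderView.ImportParameters(receiver.ExportParameters(false)); // public part only
        byte[] msg = Encrypt(senderView, Encoding.UTF8.GetBytes("secret payload"));
        string back = Encoding.UTF8.GetString(Decrypt(receiver, msg));
        Console.WriteLine(back == "secret payload" ? "round trip ok" : "FAIL");
    }
}
```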
 
Obislavu, Quamtar: Thank you both for your reply. The design suggestions and the code will help me greatly.

Kieren
 
