|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Correctly using RSACryptoServiceProvider?I am writing a simple client-server app and the client sends requests to the server. The client and server communicate using sockets. I want to encrypt the client request using servers public key. This is what I am currently doing...In the setup program, I created an object of RSACryptoServiceProvider...That essentially creates a new public/private key pair, right? So, I exported both the keys in xml and stored it on the local filesystem. So, now the client has access to the servers public key xml file. Now, when the client wants to send the request this is what I am doing... RSACryptoServiceProvider * pobjRSACrypto = new RSACryptoServiceProvider(); pobjRSACrypto->FromXmlString (strServerPublicKey); //strServerPublicKey is the contents of the ServerPublicKey.xml Byte byteEncrypted[] = pobjRSACrypto->Encrypt(byteData, false); Now the server does the following RSACryptoServiceProvider * pobjRSACrypto1 = new RSACryptoServiceProvider(); pobjRSACrypto1->FromXmlString(strServerKeyPair); //strServerKeyPair has the contents of the ServerKeyPair.xml Byte byteDecryptedText [] = pobjRSACrypto1->Decrypt(byteEncrypted, false); String * strDecryptedText = pAscii->GetString(byteDecryptedText); But, this is what i have observed: Even though I am encrypting the same plain text, the resulting encrypted text is different every time....Is that right? Also, the decryption using the private key works...I am just wondering if I am using the APIs correctly....I mean I am not using a new key pair every time, right? Also, is FromXml() should acheive the same as ImportParameters() right? In short my idea is, generate the key pair once, have it on the local filesystem and then at run time use that to encrypt and decrypt... Please let me know if I am doing somethin wrong OR if my understanding is wrong somewhere? Thanks, Neelay This reply is not an attempt to answer the questions you asked, but i wanted
to make a comment - You mentioned you would like to encrypt communications between the client and server. Because RSA can be used to do more than provide confidentialy, you might be over-engineering the solution. If you would just like to protect yourself from an intermediate party being able to read the transactions going over the wire you could just SSL. This will also not require you to store the servers public key on the client, and get rid of the whole key management issue. Right. And if using sockets, you can use 2.0s SslStream authenticated
stream class. -- Show quoteHide quoteWilliam Stacey [MVP] "Jas" <J**@discussions.microsoft.com> wrote in message news:2A598EC7-6B82-40BD-BB89-59122252AE7B@microsoft.com... > This reply is not an attempt to answer the questions you asked, but i > wanted > to make a comment - You mentioned you would like to encrypt > communications > between the client and server. Because RSA can be used to do more than > provide confidentialy, you might be over-engineering the solution. If you > would just like to protect yourself from an intermediate party being able > to > read the transactions going over the wire you could just SSL. This will > also > not require you to store the servers public key on the client, and get rid > of > the whole key management issue. 
Other interesting topics
LogonUser
Can i run more then one session on the computer? TripleDESCryptoServiceProvider Code Signing Certificates for individuals / open-source data size and RSA encryption Delegation across trusted domains simple way to encrypt data security engineering for windows forms aspnet users permission under SSL on windows server 2003 how to get the number of milliseconds between two System.DateTime objects |
|||||||||||||||||||||||
