Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Encryption using X.509

Reply
Thread Tools

Encryption using X.509

 
 
David Smith
Guest
Posts: n/a
 
      04-06-2005
I have writen a class that uses certificates to encrypt
data on my web servers prior to storing it in a database
and would like to know if there are any flaws associated
with this design. I chose this because there are no keys
to manage in configuration files and certificates are
already in use for web service security using WSE 2.0. It
takes a string and encrypts it and passes back the
ecrypted string for storage in the database. Web servers
have the public key for encryption while the backend
servers (not public facing) have the public and private
keys which can be used for encrypting and decrypting the
data for various processes.
 
Reply With Quote
 
 
 
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      04-06-2005
Generally, RSA encryption is only used for encrypting small pieces of data
(11 bits less than the key length) such as a symmetric encryption key. So,
this might work for small strings, but probably isn't a good idea for large
data.

For large data, you typically encrypt with a symmetric algorithm and then
store the symmetric key encrypted via RSA so that you can decrypt the
symmetric key with the RSA private key then perform the rest of the
decryption.

Joe K.

"David Smith" <(E-Mail Removed)> wrote in message
news:0db001c53a4a$a5b04230$(E-Mail Removed)...
>I have writen a class that uses certificates to encrypt
> data on my web servers prior to storing it in a database
> and would like to know if there are any flaws associated
> with this design. I chose this because there are no keys
> to manage in configuration files and certificates are
> already in use for web service security using WSE 2.0. It
> takes a string and encrypts it and passes back the
> ecrypted string for storage in the database. Web servers
> have the public key for encryption while the backend
> servers (not public facing) have the public and private
> keys which can be used for encrypting and decrypting the
> data for various processes.



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Which hard drive encryption program has the strongest tested encryption & security? =?iso-8859-1?Q?-=3D|__=28=BAL=BA=29__|=3D-____o=3D=5B:::::::::::::::=BB?= Computer Security 6 02-20-2008 01:35 PM
WRT54G v1.1 unstable when using WEP encryption mdesjard Wireless Networking 1 06-08-2006 01:52 AM
using wireless router default encryption keys, dangerous? none Wireless Networking 2 03-04-2006 02:49 PM
Encryption using an offset file Gactimus C++ 4 11-17-2004 02:31 PM
Using OE 6 encryption or digital signing David Computer Support 0 07-09-2004 01:43 PM



Advertisments