encryption - C#.NET Encrypt XML on one machine and Decrypt on other machine
I need to GET/PUT/DELETE/POST a message on HttpWebRequest. My request body contains XML. I need to encrypt the content in the body XML and decrypt it on the client/receiver side.
I see there are multiple ways to encrypt XML. One of them is here: http://msdn.microsoft.com/en-us/library/sb7w85t6.aspx
But my concern is, the receiver should be able to decrypt it, and the receiver should be on a different platform, might not be on the .NET Framework.
Can anyone suggest the best approach for this?
What I have tried so far:
    // Create a new Rijndael key.
    RijndaelManaged key = new RijndaelManaged();
    // Load an XML document.
    XmlDocument xmlDoc = new XmlDocument();
    xmlDoc.PreserveWhitespace = true;
    xmlDoc.Load("test.xml");
    // Encrypt the "creditcard" element.
    Encrypt(xmlDoc, "creditcard", key);
    Console.WriteLine("The element was encrypted");
    Console.WriteLine(xmlDoc.InnerXml);
    Decrypt(xmlDoc, key);
    Console.WriteLine("The element was decrypted");
    Console.WriteLine(xmlDoc.InnerXml);
This looks like it is doing the job. But I have concerns about the key:
    key = new RijndaelManaged();
    Decrypt(xmlDoc, key);
With what key will a client on a different machine, different framework and different technology be able to decrypt the message?
Update
After research on a few encryption methods, I found X509Certificate2 to be the best encryption option, and the client will be able to decrypt it if the same X509 cert is installed on the machine. I found a script to encrypt:
    public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, X509Certificate2 Cert)
    {
        // Check the arguments.
        if (Doc == null)
            throw new ArgumentNullException("Doc");
        if (ElementToEncrypt == null)
            throw new ArgumentNullException("ElementToEncrypt");
        if (Cert == null)
            throw new ArgumentNullException("Cert");

        // Find the first element with the given tag name.
        XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;
        // Throw an XmlException if the element was not found.
        if (elementToEncrypt == null)
        {
            throw new XmlException("The specified element was not found");
        }

        EncryptedXml eXml = new EncryptedXml();
        // Encrypt the element.
        EncryptedData edElement = eXml.Encrypt(elementToEncrypt, Cert);
        EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
    }
I found code to decrypt:
    public static void Decrypt(XmlDocument Doc)
    {
        // Check the arguments.
        if (Doc == null)
            throw new ArgumentNullException("Doc");

        // Create a new EncryptedXml object.
        EncryptedXml exml = new EncryptedXml(Doc);
        // Decrypt the XML document.
        exml.DecryptDocument();
    }
My question is that the Decrypt method is not asking for any X509 key. How is it decrypting? Doesn't it need any key to decrypt? Decryption works on other machines as well.
There exist several approaches to encryption.
Symmetric encryption uses the same key to encrypt and decrypt data. The AES encryption algorithm is an example of such encryption.
Asymmetric (public- and private-key based) encryption uses a pair of keys. In this mode you encrypt data for someone using his public key. He uses his private key (which you don't have and should not have) to decrypt the data prepared for him. Asymmetric encryption can be accomplished using the certificate-based PKCS#7 / CMS standard or using OpenPGP.
Now about XML. You can encrypt it as if it were binary data using one of the above methods. Or you can encrypt it using the XMLEnc standard.
The way to use depends on who decides or demands the encryption format and method. If it's you who makes the decision, the decision should be based on the capabilities (libraries, code) that both sides can use and on how keys will be managed (PKI is a bit harder to manage than a symmetric key, but in general PKI is more secure).
Just a note: our SecureBlackbox product supports both symmetric and certificate-based encryption (both binary, XMLEnc and OpenPGP) on .NET, Java and other platforms.
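The asymmetric case described in the answer, shown as an added example that is not part of the original question or answer: with a certificate, XMLEnc wraps a random session key with the recipient's RSA public key, so the receiver needs the matching private key rather than a key handed over by the sender. It assumes .NET 6 or later with the System.Security.Cryptography.Xml package; the class name, the DecryptWithPrivateKey helper, the certificate subject and the sample document are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class XmlEncKeyDemo
{
    // Receiver side (hypothetical helper): unwrap the session key with the RSA private key, then decrypt.
    static void DecryptWithPrivateKey(XmlDocument doc, RSA privateKey)
    {
        var node = (XmlElement)doc.GetElementsByTagName("EncryptedData", EncryptedXml.XmlEncNamespaceUrl)[0];
        if (node == null) throw new XmlException("No EncryptedData element found");
        var data = new EncryptedData();
        data.LoadXml(node);

        // The wrapped session key travels inside <KeyInfo> as an <EncryptedKey>.
        EncryptedKey wrapped = null;
        foreach (KeyInfoClause clause in data.KeyInfo)
            if (clause is KeyInfoEncryptedKey k) wrapped = k.EncryptedKey;
        if (wrapped == null) throw new CryptographicException("No EncryptedKey in KeyInfo");

        bool oaep = wrapped.EncryptionMethod?.KeyAlgorithm == EncryptedXml.XmlEncRSAOAEPUrl;
        byte[] sessionKey = EncryptedXml.DecryptKey(wrapped.CipherData.CipherValue, privateKey, oaep);

        // Assumes the AES content encryption that Encrypt(element, cert) emits.
        using var aes = Aes.Create();
        aes.Key = sessionKey;
        var exml = new EncryptedXml(doc);
        exml.ReplaceData(node, exml.DecryptData(data, aes));
    }

    static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate and a made-up document.
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=xmlenc-demo", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order><creditcard>0000-0000-0000-0000</creditcard></order>");

        // Sender side: the same calls as the Encrypt method above; only the public key is needed.
        var target = (XmlElement)doc.GetElementsByTagName("creditcard")[0];
        EncryptedXml.ReplaceElement(target, new EncryptedXml().Encrypt(target, cert), false);
        Console.WriteLine(doc.OuterXml);

        using RSA priv = cert.GetRSAPrivateKey();
        DecryptWithPrivateKey(doc, priv);
        Console.WriteLine(doc.OuterXml);
    }
}
```

DecryptDocument() performs the same unwrap on its own when a certificate matching the embedded X509Data, together with its private key, is present in the current user's or local machine's personal certificate store.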