Message Level Security using X509 certificates in DotNet:
Application 1
Certificate: Application 1 holds Certificate 1 and its Private Key
Personal Store: Certificate 1 is installed in the Personal Store of Application 1
Trusted Store: Certificate 2’s public part is installed in the Trusted Store of Application 1
Encryption: Encryption is done with Certificate2.PublicKey
Signature: Message signing is done with Certificate1.PrivateKey
Decryption: Decryption is done using Certificate1.PrivateKey
Signature Verification: Signature verification is done using Certificate2.PublicKey
Application 2
Certificate: Application 2 holds Certificate 2 and its Private Key
Personal Store: Certificate 2 is installed in the Personal Store of Application 2
Trusted Store: Certificate 1’s public part is installed in the Trusted Store of Application 2
Encryption: Encryption is done using Certificate1.PublicKey
Signature: Message signing is done with the Certificate2.PrivateKey
Decryption: Decryption is done with Certificate2.PrivateKey
Signature Verification: Signature verification is done using Certificate1.PublicKey
Please let me know if the above settings/approach are right, or, if you see any issues with them, please let me know.
Also, please answer the queries below (assuming I am setting up Application 1):
1) How should the certificate installation take place? I mean, how do I install the certificates below:
a. Certificate 1 in the Personal Store
b. Certificate 2's public part in the Trusted Store (here what I need to understand is what exactly the public part is, and how I go about installing only the public part of Certificate 2 and not the entire certificate)
2) A code example for encryption, or a link, which would show how I would load Certificate 2 from the Trusted Store and use its public key for encryption
3) A code example for signing, or a link, which would show how I would sign the message with Certificate1.PrivateKey
4) A code example for decryption, or a link, which would show how I would decrypt the message with Certificate1.PrivateKey
5) A code example for signature verification, or a link, which would show how I would verify the signature with Certificate2.PublicKey
6) Using asymmetric encryption, is there a limit on the size of the message to be encrypted? If yes, how do I get around this problem if my message size exceeds the size limit?
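The following is an added example, written for this page and not code from the original post, covering queries 2 to 6 for the Application 1 side of the scheme above. It assumes .NET 8 or later and RSA certificates. It answers query 6 directly: RSA-OAEP with SHA-256 can encrypt at most 190 bytes under a 2048-bit key (318 bytes under 3072-bit), so the message itself is never RSA-encrypted; instead a fresh AES-256-GCM key encrypts the message, RSA-OAEP under Certificate2.PublicKey wraps that AES key, and RSA-PSS under Certificate1.PrivateKey signs the whole envelope. The LoadFromStore helper is the store lookup the question asks for; the demo in Main uses two self-signed certificates so it runs stand-alone without touching any store, and shows that the "public part" of a certificate is simply its export without the private key. The store names, class names and the envelope layout are this example's own choices, not anything the post prescribes.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example (not from the original post). Assumes .NET 8+ and RSA certificates.
// Encrypt-then-sign hybrid envelope: AES-256-GCM for the payload, RSA-OAEP(SHA-256)
// to wrap the AES key for the peer, RSA-PSS(SHA-256) over the envelope by the sender.
public sealed class Envelope
{
    public byte[] WrappedKey, Nonce, Tag, Ciphertext, Signature;

    // Bytes covered by the signature: every field a tampering party could alter,
    // each length-prefixed so field boundaries are unambiguous.
    public byte[] SignedPart()
    {
        using var ms = new MemoryStream();
        using var w = new BinaryWriter(ms);
        foreach (var part in new[] { WrappedKey, Nonce, Tag, Ciphertext })
        {
            w.Write(part.Length);
            w.Write(part);
        }
        w.Flush();
        return ms.ToArray();
    }
}

public static class MessageSecurity
{
    // Own certificate with private key: StoreName.My (the Personal store).
    // Peer's public certificate: StoreName.TrustedPeople (assumed here as the "Trusted Store").
    public static X509Certificate2 LoadFromStore(StoreName name, string thumbprint)
    {
        using var store = new X509Store(name, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
        if (found.Count == 0) throw new InvalidOperationException("Certificate not found: " + thumbprint);
        return found[0];
    }

    // Sender: encrypt for peerPublic (Certificate2.PublicKey), sign with ownPrivate (Certificate1.PrivateKey).
    public static Envelope Protect(byte[] plaintext, X509Certificate2 ownPrivate, X509Certificate2 peerPublic)
    {
        var aesKey = RandomNumberGenerator.GetBytes(32);
        var env = new Envelope
        {
            Nonce = RandomNumberGenerator.GetBytes(12),
            Tag = new byte[16],
            Ciphertext = new byte[plaintext.Length],
        };
        using (var aes = new AesGcm(aesKey, 16))
            aes.Encrypt(env.Nonce, plaintext, env.Ciphertext, env.Tag);

        using var peerRsa = peerPublic.GetRSAPublicKey()
            ?? throw new CryptographicException("Peer certificate has no RSA public key");
        env.WrappedKey = peerRsa.Encrypt(aesKey, RSAEncryptionPadding.OaepSHA256); // only 32 bytes go through RSA
        CryptographicOperations.ZeroMemory(aesKey);

        using var ownRsa = ownPrivate.GetRSAPrivateKey()
            ?? throw new CryptographicException("Own certificate has no RSA private key");
        env.Signature = ownRsa.SignData(env.SignedPart(), HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        return env;
    }

    // Receiver: verify with peerPublic first, and only then decrypt with ownPrivate.
    public static byte[] Unprotect(Envelope env, X509Certificate2 ownPrivate, X509Certificate2 peerPublic)
    {
        using var peerRsa = peerPublic.GetRSAPublicKey()
            ?? throw new CryptographicException("Peer certificate has no RSA public key");
        if (!peerRsa.VerifyData(env.SignedPart(), env.Signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss))
            throw new CryptographicException("Signature verification failed; message rejected");

        using var ownRsa = ownPrivate.GetRSAPrivateKey()
            ?? throw new CryptographicException("Own certificate has no RSA private key");
        var aesKey = ownRsa.Decrypt(env.WrappedKey, RSAEncryptionPadding.OaepSHA256);
        var plaintext = new byte[env.Ciphertext.Length];
        using (var aes = new AesGcm(aesKey, 16))
            aes.Decrypt(env.Nonce, env.Ciphertext, env.Tag, plaintext); // throws if tag does not match
        CryptographicOperations.ZeroMemory(aesKey);
        return plaintext;
    }

    // Demo: two self-signed certificates stand in for Certificate 1 and Certificate 2.
    public static void Main()
    {
        var cert1 = MakeSelfSigned("CN=Application 1");
        var cert2 = MakeSelfSigned("CN=Application 2");
        // The "public part" is the DER export without the private key; this is what each
        // application hands to the other and what goes into the other's TrustedPeople store.
        var cert1Public = new X509Certificate2(cert1.Export(X509ContentType.Cert));
        var cert2Public = new X509Certificate2(cert2.Export(X509ContentType.Cert));
        Console.WriteLine("cert2 public part carries a private key: " + cert2Public.HasPrivateKey); // False

        var message = Encoding.UTF8.GetBytes(new string('x', 10_000)); // far beyond the RSA-OAEP limit
        var env = Protect(message, cert1, cert2Public);                // Application 1 sends
        var back = Unprotect(env, cert2, cert1Public);                 // Application 2 receives
        Console.WriteLine("round trip ok: " + (Encoding.UTF8.GetString(back) == Encoding.UTF8.GetString(message)));

        env.Ciphertext[0] ^= 1; // tamper: the signature check now fails before any decryption happens
        try { Unprotect(env, cert2, cert1Public); }
        catch (CryptographicException e) { Console.WriteLine("tampered: " + e.Message); }
    }

    static X509Certificate2 MakeSelfSigned(string subject)
    {
        var rsa = RSA.Create(3072);
        var req = new CertificateRequest(subject, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1));
    }
}
```

For query 1, one way to get the certificates into the stores this example reads from is the PowerShell PKI module: Import-PfxCertificate -FilePath cert1.pfx -CertStoreLocation Cert:\CurrentUser\My puts Certificate 1 with its private key into the Personal store, and Import-Certificate -FilePath cert2.cer -CertStoreLocation Cert:\CurrentUser\TrustedPeople installs the .cer file (the public part produced by Export(X509ContentType.Cert) above) into Trusted People. Use TrustedPeople rather than Root for a peer's end-entity certificate; Root is for certification authorities and would make every certificate that CA issues trusted. Before relying on a certificate pulled from a store, check that its thumbprint is the one you expect, and verify the signature before decrypting, as Unprotect does, so an attacker-controlled envelope never reaches the private key operation.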