views: 184

answers: 0

Message Level Security using X509 certificates in DotNet:

Application 1

Certificate: Application 1 holds Certificate 1 and its Private Key

Personal Store: Certificate 1 is installed in the Personal Store of Application 1

Trusted Store: Certificate 2’s public part is installed in the Trusted Store of Application 1

Encryption: Encryption is done with Certificate 2.PublicKey

Signature: Message signing is done with the Certificate1.PrivateKey

Decryption: Decryption is done using Certificate 1.PrivateKey

Signature Verification: Signature verification is done using Certificate2.PublicKey

Application 2

Certificate: Application 2 holds Certificate 2 and its Private Key

Personal Store: Certificate 2 is installed in the Personal Store of Application 2

Trusted Store: Certificate 1’s public part is installed in the Trusted Store of Application 2

Encryption: Encryption is done using Certificate1.PublicKey

Signature: Message signing is done with the Certificate2.PrivateKey

Decryption: Decryption is done with Certificate2.PrivateKey

Signature Verification: Signature verification is done using Certificate1.PublicKey

Please let me know if the above settings/approach are right, or if you see any issues with them, please do let me know.

Also, please do answer the queries below (assuming I am setting up Application 1):

1) How should the certificate installation take place? I mean, how do I install the certificates below:

a. Certificate 1 in the Personal Store

b. Certificate 2’s public part in the Trusted Store (over here what I need to understand is what exactly the public part is, and how I go about installing only the public part of Certificate 2 and not the entire certificate)

2) Code example for encryption, or a link which would show how I would load Certificate 2 from the Trusted Store and use its public key for encryption

3) Code example for signing, or a link which would show how I would sign the message with Certificate 1.PrivateKey

4) Code example for decryption, or a link which would show how I would decrypt the message with Certificate 1.PrivateKey

5) Code example for signature verification, or a link which would show how I would verify the signature with Certificate 2.PublicKey

6) Using asymmetric encryption, is there a limit to the message size that can be encrypted? If yes, how do I get around this problem if my message size exceeds that limit?
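The following is an added worked example, not code from the question or from any answer on this page. It covers points 2 to 6 for the Application 1 / Application 2 layout above: the sender signs with its own private key, encrypts with the recipient's public key, and the recipient decrypts with its private key and verifies with the sender's public key. It also addresses the size limit in point 6: RSA can only encrypt a few hundred bytes per operation (for a 2048-bit key with OAEP-SHA256, at most 190 bytes), so the standard approach is hybrid encryption, where the message is encrypted with a random AES key and only that key is RSA-encrypted. To run offline the example generates two self-signed certificates in memory instead of reading the Windows stores; `FindInStore` shows the store lookup the question asks about, with the thumbprint being a placeholder the caller supplies. It assumes .NET 8 (for `AesGcm` with an explicit tag size and `RandomNumberGenerator.GetBytes`).

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example (not from the original post): sign-then-encrypt between two
// applications, each holding its own certificate plus the other's public part.
public static class MessageSecurityDemo
{
    // Constructed sizes for the example: RSA-2048, AES-256-GCM, 96-bit nonce, 128-bit tag.
    const int RsaKeyBits = 2048, AesKeyBytes = 32, NonceBytes = 12, TagBytes = 16;

    // Demo-only stand-in for a certificate issued by a CA and installed in the Personal store.
    public static X509Certificate2 CreateSelfSigned(string subject)
    {
        using RSA rsa = RSA.Create(RsaKeyBits);
        var req = new CertificateRequest($"CN={subject}", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1));
    }

    // The "public part" (question 1b) is the certificate without its private key:
    // X509ContentType.Cert exports exactly that (what a .cer file contains), whereas
    // X509ContentType.Pfx would also carry the private key and must never be handed out.
    public static X509Certificate2 PublicPart(X509Certificate2 cert) =>
        new X509Certificate2(cert.Export(X509ContentType.Cert));

    // Store lookup (question 2): StoreName.My is the Personal store, StoreName.TrustedPeople
    // the trusted-peer store. 'thumbprint' is a placeholder the caller supplies.
    public static X509Certificate2 FindInStore(StoreName name, string thumbprint)
    {
        using var store = new X509Store(name, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
        if (matches.Count == 0)
            throw new InvalidOperationException($"certificate {thumbprint} not found in {name}");
        return matches[0];
    }

    public sealed record SecureMessage(byte[] EncryptedKey, byte[] Nonce, byte[] Ciphertext, byte[] Tag, byte[] Signature);

    // Sender side (questions 2 and 3, plus the hybrid answer to question 6):
    // sign the plaintext with our private key, encrypt it under a fresh AES key,
    // and wrap only that short AES key with the recipient's RSA public key.
    public static SecureMessage Protect(byte[] plaintext, X509Certificate2 senderWithKey, X509Certificate2 recipientPublic)
    {
        using RSA signer = senderWithKey.GetRSAPrivateKey() ?? throw new InvalidOperationException("sender has no private key");
        byte[] signature = signer.SignData(plaintext, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

        byte[] aesKey = RandomNumberGenerator.GetBytes(AesKeyBytes);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceBytes);
        byte[] ciphertext = new byte[plaintext.Length];
        byte[] tag = new byte[TagBytes];
        using (var aes = new AesGcm(aesKey, TagBytes))
            aes.Encrypt(nonce, plaintext, ciphertext, tag, associatedData: signature); // binds signature to ciphertext

        using RSA wrapper = recipientPublic.GetRSAPublicKey() ?? throw new InvalidOperationException("recipient has no RSA key");
        byte[] encryptedKey = wrapper.Encrypt(aesKey, RSAEncryptionPadding.OaepSHA256); // 32 bytes, well under the ~190-byte OAEP limit
        CryptographicOperations.ZeroMemory(aesKey);
        return new SecureMessage(encryptedKey, nonce, ciphertext, tag, signature);
    }

    // Recipient side (questions 4 and 5): unwrap the AES key with our private key,
    // decrypt (the GCM tag check rejects tampered ciphertext), then verify the signature.
    public static byte[] Unprotect(SecureMessage msg, X509Certificate2 recipientWithKey, X509Certificate2 senderPublic)
    {
        using RSA unwrapper = recipientWithKey.GetRSAPrivateKey() ?? throw new InvalidOperationException("recipient has no private key");
        byte[] aesKey = unwrapper.Decrypt(msg.EncryptedKey, RSAEncryptionPadding.OaepSHA256);
        byte[] plaintext = new byte[msg.Ciphertext.Length];
        try
        {
            using var aes = new AesGcm(aesKey, TagBytes);
            aes.Decrypt(msg.Nonce, msg.Ciphertext, msg.Tag, plaintext, associatedData: msg.Signature);
        }
        finally { CryptographicOperations.ZeroMemory(aesKey); }

        using RSA verifier = senderPublic.GetRSAPublicKey() ?? throw new InvalidOperationException("sender has no RSA key");
        if (!verifier.VerifyData(plaintext, msg.Signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss))
            throw new CryptographicException("signature verification failed");
        return plaintext;
    }

    public static void Main()
    {
        using X509Certificate2 app1 = CreateSelfSigned("Application 1");   // Personal store of App 1
        using X509Certificate2 app2 = CreateSelfSigned("Application 2");   // Personal store of App 2
        using X509Certificate2 app1Public = PublicPart(app1);              // Trusted store of App 2
        using X509Certificate2 app2Public = PublicPart(app2);              // Trusted store of App 1

        // Constructed 100 KB message: far larger than anything RSA could encrypt directly.
        byte[] message = Encoding.UTF8.GetBytes(new string('x', 100_000));
        SecureMessage wire = Protect(message, app1, app2Public);
        byte[] recovered = Unprotect(wire, app2, app1Public);
        Console.WriteLine(recovered.Length == message.Length ? "round trip ok" : "round trip FAILED");

        // Flipping one ciphertext bit must be rejected at the AES-GCM tag check.
        wire.Ciphertext[0] ^= 0x01;
        try { Unprotect(wire, app2, app1Public); Console.WriteLine("tamper NOT detected"); }
        catch (CryptographicException) { Console.WriteLine("tamper detected"); }
    }
}
```

For a deployed system the two `CreateSelfSigned` calls would be replaced by `FindInStore(StoreName.My, ...)` for the application's own certificate and `FindInStore(StoreName.TrustedPeople, ...)` for the peer's public part, and the validity and chain of the peer certificate would be checked with `X509Chain` before its key is used.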