Please suggest a method for issuing encrypted files

We have an application that periodically requests a couple dozen bytes of data via web service on our web server. The data is specific to the client running the app. We want to encrypt the data with a private key on our web server before sending it out. The application would then decode the data with the public key and know that it came from our server.

The public key was to be embedded in the application as a resource.

The .NET implementation of asymmetric keys only allows encryption with the public key and decryption with the public key/private key pair. This is the opposite of what we want to do.

We're looking for a suggestion as to how to accomplish this. What we need is for our applications to know that if they can successfully decrypt the data, it must have been encrypted on our web server.

thanks,

Mike




  • TiKu

    Mike Yeager wrote:

    We have an application that periodically requests a couple dozen bytes of data via web service on our web server. The data is specific to the client running the app. We want to encrypt the data with a private key on our web server before sending it out. The application would then decode the data with the public key and know that it came from our server.

    The public key was to be embedded in the application as a resource.

    The .NET implementation of asymmetric keys only allows encryption with the public key and decryption with the public key/private key pair. This is the opposite of what we want to do.

    We're looking for a suggestion as to how to accomplish this. What we need is for our applications to know that if they can successfully decrypt the data, it must have been encrypted on our web server.

    thanks,

    Mike

    Hello All.

    Mike:

    It sounds like what you're after is a digital signature. You want the data to be source-verified to your server, right? Or am I missing something?



  • John.Doe

    If we used only a digital signature, the data would not be encrypted - we'd have unencrypted data with a digital signature.

    I realize that in my scenario our application would have to contain the public key, that key could be discovered by a determined hacker and it would not be too difficult to decrypt the data. We're OK with that:

    1. They still can't digitally sign their own data and make their own valid payloads.
    2. We didn't make it too easy to read our data and compromise our proprietary format by transmitting it unencrypted.

    I'm starting to think that we need to put a symmetric key in both our web server and our application to encrypt and decrypt the data. This is not terribly strong, but the protection it provides is as good as my original method. We then digitally sign the encrypted data on our web server. Not as elegant as the original idea, but it achieves the same effect.

    Mike
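
The encrypt-then-sign arrangement described in the post above, sketched as an added C# example that is not part of the original thread or any poster's code. The class and method names, the sample payload, and the choice of AES-CBC with RSA PKCS#1 v1.5 / SHA-256 signatures are assumptions, as is a .NET 6 or later runtime.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SignedPayloadDemo   // hypothetical name, for illustration only
{
    // Server side: AES-encrypt the data, then sign IV || ciphertext with the RSA private key.
    static (byte[] blob, byte[] sig) Protect(byte[] data, byte[] aesKey, RSA serverKey)
    {
        using var aes = Aes.Create();   // CBC + PKCS7 by default; a random IV is generated per instance
        aes.Key = aesKey;
        using var enc = aes.CreateEncryptor();
        byte[] blob = aes.IV.Concat(enc.TransformFinalBlock(data, 0, data.Length)).ToArray();
        byte[] sig = serverKey.SignData(blob, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return (blob, sig);
    }

    // Client side: verify with the embedded public key BEFORE decrypting anything.
    static byte[] Open(byte[] blob, byte[] sig, byte[] aesKey, RSA serverPublicKey)
    {
        if (!serverPublicKey.VerifyData(blob, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            throw new CryptographicException("Signature check failed: payload is not from the server.");
        using var aes = Aes.Create();
        aes.Key = aesKey;
        aes.IV = blob.Take(16).ToArray();           // first AES block of the blob is the IV
        using var dec = aes.CreateDecryptor();
        return dec.TransformFinalBlock(blob, 16, blob.Length - 16);
    }

    static void Main()
    {
        // Constructed demo keys; in the thread's design the AES key and RSA public key ship in the app.
        byte[] aesKey = RandomNumberGenerator.GetBytes(32);
        using RSA server = RSA.Create(2048);
        using RSA client = RSA.Create();
        client.ImportParameters(server.ExportParameters(false)); // public half only

        var (blob, sig) = Protect(Encoding.UTF8.GetBytes("client=42;level=3"), aesKey, server);
        Console.WriteLine(Encoding.UTF8.GetString(Open(blob, sig, aesKey, client)));

        blob[20] ^= 0x01;                            // simulate modification in transit
        try { Open(blob, sig, aesKey, client); }
        catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

The client holds only the public half of the RSA key, so it can check a payload but cannot produce a valid signature; the shared AES key gives no more than the obfuscation the post describes.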


  • Omicron

    Hello All.

    Mike:

    That sounds like a workable idea. Remember, it doesn't necessarily have to be bullet-proof, just hard enough to make it too much trouble. Luckily, thieves tend to be of the lazy sort.


