Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Certificate Encryption/Decryption Example

Posted on 2006-11-14
6
Medium Priority
?
1,559 Views
Last Modified: 2008-11-20
I need a good, and preferably simple, tutorial on how to create a X.509 certificate and then sample code using that certificate to encrypt and decrypt.  The application I need to integrate the encryption into is on .NET 2.0, and I will take C# or VB code.
0
Comment
Question by:SkipFire
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 13

Accepted Solution

by:
joechina earned 2000 total points
ID: 17940706
Way 1)
http://www.openssl.org/docs/HOWTO/certificates.txt
Way 2)
http://technet2.microsoft.com/WindowsServer/en/library/448dc9ee-eec5-4229-a6e5-64653bc4e1531033.mspx?mfr=true

Please visit http://www.openssl.org to get more information about PKI.


The following are example functions using a PKCS12 cert. (It has both public and private keys) and the result is encoded/decoded by base64.

static string Decrypt(string data)
        {
            X509Certificate2 myCertificate = new X509Certificate2("c:\\temp\\mycerts.p12","123456");
            RSACryptoServiceProvider provider1 = (RSACryptoServiceProvider)myCertificate.PrivateKey;
            byte[] buffer1 = Convert.FromBase64String(data);
            byte[] result = provider1.Decrypt(buffer1,false);
            return (new UnicodeEncoding()).GetString(result);
        }
        static string Encrypt(string data)
        {
            X509Certificate2 myCertificate = new X509Certificate2("c:\\temp\\mycerts.p12", "123456");
            RSACryptoServiceProvider provider1 = (RSACryptoServiceProvider)myCertificate.PublicKey.Key;
            byte[] buffer1 = (new UnicodeEncoding()).GetBytes(data);
            byte[] result = provider1.Encrypt(buffer1, false);
            string b64s = Convert.ToBase64String(result);
            return b64s;
        }

        static bool VerifyData(string data, string signature)
        {
            X509Certificate2 myCertificate = new X509Certificate2("c:\\temp\\mycerts.p12", "123456");
            RSACryptoServiceProvider provider1 = (RSACryptoServiceProvider)myCertificate.PublicKey.Key;
            byte[] sb = Convert.FromBase64String(signature);
            byte[] db = (new ASCIIEncoding()).GetBytes(data);
           return provider1.VerifyData(db, new SHA1CryptoServiceProvider(), sb);
         }

        static string SignData(string data)
        {
            X509Certificate2 myCertificate = new X509Certificate2("c:\\temp\\mycerts.p12", "123456");
            RSACryptoServiceProvider provider1 = (RSACryptoServiceProvider)myCertificate.PrivateKey;
            byte[] db = (new ASCIIEncoding()).GetBytes(data);
             byte[] sb = provider1.SignData(db, new SHA1CryptoServiceProvider());
             return Convert.ToBase64String(sb);
        }
0
 
LVL 4

Author Comment

by:SkipFire
ID: 17940730
Thanks joechina, I was hoping you would find and respond to this.  I'll give it a try and get back to you asap.  This is back on that java junk I was dealing with a month ago.  I can't get .NET to recognize their cert as valid, so I figured I would build a .NET sample end to end and make them encrypt with what I know I can decrypt.
0
 
LVL 4

Author Comment

by:SkipFire
ID: 17940862
I looked through both of the links, but I don't see how I get a PKCS12 certificate from Windows 2003.  I went into the certsrv site and I see a chain download which is a PKCS #7 and if I request a new certificate I see an option to generate a PKCS10.

What is it I am not understanding?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 13

Expert Comment

by:joechina
ID: 17947072
Hi, SkipFire,

Microsoft CA server is to sign the certificate. I think the browser generates the keys and send it to CA server for signing.
For some reason, IE won't let you export the private key. (PKCS12 file). But FireFox does. Please use FireFox and connect to MS CA server and request a personal cert and install it. After that you should be able to export a PKCS12 file from the option menu.

BTW, here is detail description of various PKCS standards.

http://en.wikipedia.org/wiki/PKCS

Good Luck
0
 
LVL 4

Author Comment

by:SkipFire
ID: 17949324
Ok, I've got a certificate that it seems to recognize.  What are the VerifyData and SignData function used for?  Nothing calls either function which is why I'm not seeing their purpose.
0
 
LVL 13

Expert Comment

by:joechina
ID: 18085628
VerifyData and SignData are used for digital signature

For example, if I send you a message and don't care other person can see it or not, I will call SignData(with my private key) and send you both the data and the result string returned by SignData. When you receive them, you can call VerifyData(using my public key) to make sure the message is sent by me not by any other person.

Hope this explains,
(Sorry for the later reply)
0

Featured Post

RHCE - Red Hat OpenStack Prep Course

This course will provide in-depth training so that students who currently hold the EX200 & EX210 certifications can sit for the EX310 exam. Students will learn how to deploy & manage a full Red Hat environment with Ceph block storage, & integrate Ceph into other OpenStack service

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Summary Displaying images in RichTextBox is a common requirement with limited solutions available. Pasting through clipboard or embedding into RTF content only support static images.  This article describes how to insert Windows control objects int…
For those of you who don't follow the news, or just happen to live under rocks, Microsoft Research released a beta SDK (http://www.microsoft.com/en-us/download/details.aspx?id=27876) for the Xbox 360 Kinect. If you don't know what a Kinect is (http:…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question