• Status: Solved

Encrypt a cookie using asp.net and c# with a public key

hi there all, i was given a public key from our business partner to encrypt user cookies going from our web site to our partner's site.  i got a file that looks like this..

obviously it's a lot longer.  is there a place i can put that public key into the web.config file on my server and call it to encrypt the userID on my end before i redirect the user to our partner's site?  similar to using the connection string in the web.config file.  i was informed by our partner that the encryption has to be base64.  not sure what that means.  

do i need to use DES, Triple DES or something different?

        private static byte[] key = ?????;
        private static byte[] IV = ?????;
        private static string stringKey = "!5663a#KN";

the code above is from this site:

to summarize, i want to transfer a user from our site to our partner's site storing user information in an encrypted cookie using the public key given to me by our partner.  users will also be coming back to my server in which case i'll have to decrypt using the same key.  

this is very urgent.  any help in the right direction would be greatly appreciated!!
Alpesh Patel Commented:
Every encryption algorithm has a different style of encrypting, even if the public key is the same.

You need to first ask them what encryption or decryption algorithm they are going to use.

So according to that, you need to implement your encryption code using the same key that they supplied.

cay187 Author Commented:
they are using ruby on rails and we do have a wildcard SSL for the domain.  we are using the same domain using a CNAME to point users to their servers.  it looks like they sent me a certificate of some sort, no?  

so in your opinion they have not given me enough information to encrypt or decrypt a cookie?
Alpesh Patel Commented:

Actually, this encryption is called an asymmetric encryption algorithm.

Check this ref: http://www.networksorcery.com/enp/data/encryption.htm

In asymmetric encryption, the sender will use some sort of private key and the receiver will use some sort of public key to do encryption and decryption.

Now your provider has provided you a public key that you will have to use to encrypt data, and your provider will use the corresponding private key to decrypt the data.

Now again, the question is which algorithm you should use to do the encryption. If you use a different algorithm than they are going to use, then they will not be able to decrypt the data.

So ask them for the algorithm.

cay187 Author Commented:
since we are sending traffic back and forth from server to server, do we both need to issue a public/private key or is it good enough that only one of us do that?
cay187 Author Commented:
i have found out some information from my server partner.  i somewhat understand the code of getting asp.net and c# to encrypt and decrypt the string.  my partner informed me that i am to use RSA as the encryption type.  the key he sent me is in a ".pem" format.  do i need to convert that ".pem" file to another file type in order for .net to read it better?

now, is there a way i can place the key in the web.config file?  is that not a good practice?  if that's okay to do, how and where do i put it?  similar to the connection string in the appsettings?
or should i place the file in the registry? and if i place it in the registry, how will my asp.net app read the key?  do i still have to place a reference in the web.config file?

i know it's a lot of questions but
Alpesh Patel Commented:
Yes, you can place that key in web.config and that is the only good practice.
Now about the registry, it would work, but it is not good practice to place it in the registry.

The alternate solution is to place that key into the database and access that key every time you need to do encryption.
cay187 Author Commented:
do you have any code that would show me how and where to place the public key in the web.config?  all i find on the internet is about how to encrypt sections of the web.config file using rsa like the connection string but not how to place the key IN the web.config file.
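
As an added example (not code from any poster in this thread), this shows the flow the thread converges on: load the partner's RSA public key from its .pem text, encrypt the user ID, and base64-encode the ciphertext. It assumes .NET 5 or later (for `RSA.ImportFromPem`), OAEP-SHA256 padding agreed with the partner, and a constructed key pair standing in for the partner; `PartnerCookie` and `EncryptUserId` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class PartnerCookie
{
    // Assumption: the padding must match what the partner's decrypt call uses.
    static readonly RSAEncryptionPadding Padding = RSAEncryptionPadding.OaepSHA256;

    // publicKeyPem: the full .pem text, including the "-----BEGIN PUBLIC KEY-----" lines.
    public static string EncryptUserId(string publicKeyPem, string userId)
    {
        using RSA rsa = RSA.Create();
        rsa.ImportFromPem(publicKeyPem);   // reads the PEM directly, no file conversion

        byte[] plain = Encoding.UTF8.GetBytes(userId);
        // RSA encrypts a single small block: OAEP-SHA256 leaves (key bytes - 66).
        int max = rsa.KeySize / 8 - 66;
        if (plain.Length > max)
            throw new ArgumentException($"value exceeds {max} bytes for this key");

        // Base64 turns the binary ciphertext into text; '+', '/' and '=' still
        // need URL-encoding if the value travels in a query string.
        return Convert.ToBase64String(rsa.Encrypt(plain, Padding));
    }

    public static void Main()
    {
        // Constructed stand-in for the partner: only they hold the private key.
        using RSA partner = RSA.Create(2048);
        string pem = new string(PemEncoding.Write("PUBLIC KEY", partner.ExportSubjectPublicKeyInfo()));

        string cookieValue = EncryptUserId(pem, "user-12345");
        Console.WriteLine(cookieValue);

        // Partner side: the private key recovers the user ID.
        byte[] back = partner.Decrypt(Convert.FromBase64String(cookieValue), Padding);
        Console.WriteLine(Encoding.UTF8.GetString(back));

        // The public key alone cannot decrypt what it encrypted.
        using RSA pubOnly = RSA.Create();
        pubOnly.ImportFromPem(pem);
        try { pubOnly.Decrypt(Convert.FromBase64String(cookieValue), Padding); }
        catch (CryptographicException) { Console.WriteLine("public key cannot decrypt"); }
    }
}
```

Encrypting to the partner's public key hides the user ID but does not authenticate it: anyone holding that public key can produce a ciphertext the partner will accept, so the receiving side needs a signature or MAC to know the value came from this site. For the return trip, this site needs its own key pair, with its public key given to the partner.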