Encrypt a cookie using asp.net and c# with a public key

hi there all, i was given a public key from our business partner to encrypt user cookies going from our web site to our partner's site.  i got a file that looks like this..
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgK
-----END PUBLIC KEY-----

obviously it's a lot longer.  is there a place i can put that public key into the web.config file on my server and call it to encrypt the userID on my end before i redirect the user to our partner's site?  similar to using the connection string in the web.config file.  i was informed by our partner that the encryption has to be base64.  not sure what that means.

do i need to use DES, Triple DES or something different?

        private static byte[] key = ?????;
        private static byte[] IV = ?????;
        private static string stringKey = "!5663a#KN";

the code above is from this site:
http://nayyeri.net/how-to-encrypt-query-string-parameters-in-asp-net

to summarize, i want to transfer a user from our site to our partner's site storing user information in an encrypted cookie using the public key given to me by our partner.  users will also be coming back to my server, in which case i'll have to decrypt using the same key.

this is very urgent.  any help in the right direction would be greatly appreciated!!
cay187 Asked:

Alpesh Patel Commented:
Every encryption algorithm has a different style of encrypting, even if the public key is the same.

You need to first ask them what encryption or decryption algorithm they are going to use.

So, according to that, you need to implement your encryption code using the same key that they supplied.

0
cay187 Author Commented:
they are using ruby on rails and we do have a wildcard SSL for the domain.  we are using the same domain using a CNAME to point users to their servers.  it looks like they sent me a certificate of some sort, no?  

so in your opinion they have not given me enough information to encrypt or decrypt a cookie?
0
Alpesh Patel Commented:
no

Actually, this encryption is called an asymmetric encryption algorithm.

Check this ref: http://www.networksorcery.com/enp/data/encryption.htm

In asymmetric encryption, the sender will use some sort of private key and the receiver will use some sort of public key to do encryption and decryption.

Now your provider has provided you a public key that you will have to use to encrypt data, and your provider will use the corresponding private key to decrypt the data.

Now again, the question is which algorithm you should use for the encryption; if you use a different algorithm than they are going to use, then they will not be able to decrypt the data.

So ask them for the algorithm.

0
cay187 Author Commented:
since we are sending traffic back and forth from server to server, do we both need to issue a public/private key or is it good enough that only one of us do that?
0
cay187 Author Commented:
i have found out some information from my server partner.  i somewhat understand the code of getting asp.net and c# to encrypt and decrypt the string.  my partner informed me that i am to use RSA as the encryption type.  the key he sent me is in a ".pem" format.  do i need to convert that ".pem" file to another file type in order for .net to read it better?

now, is there a way i can place the key in the web.config file?  is that not a good practice?  if that's okay to do, how and where do i put it?  similar to the connection string in the appsettings?
or should i place the file in the registry? and if i place it in the registry, how will my asp.net app read the key?  do i still have to place a reference in the web.config file?

i know it's a lot of questions but
0
Alpesh Patel Commented:
Yes, you can place that key in web.config and that is the only good practice.
Now about the registry, it would work, but it is not good practice to place it in the registry.

The alternate solution is to place that key in the database and access that key every time you need to do encryption.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cay187 Author Commented:
do you have any code that would show me how and where to place the public key in the web.config?  all i find on the internet is about how to encrypt sections of the web.config file using rsa like the connection string but not how to place the key IN the web.config file.
0
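
As an added example (not code from the thread or its participants): reading a `-----BEGIN PUBLIC KEY-----` PEM from the web.config appSettings, importing it into `RSACryptoServiceProvider` on .NET Framework, and returning the RSA ciphertext as base64. The class name and the `PartnerRsaPublicKey` setting name are hypothetical, and OAEP padding is an assumption that has to match whatever the partner's decryption code uses.

```csharp
using System;
using System.Configuration;   // reference System.Configuration.dll
using System.Security.Cryptography;
using System.Text;

public static class PartnerCookieCrypto   // hypothetical class name
{
    // Assumed web.config entry (hypothetical key name): <add key="PartnerRsaPublicKey" value="-----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY-----" />
    public static string EncryptUserId(string userId)
    {
        return EncryptToBase64(ConfigurationManager.AppSettings["PartnerRsaPublicKey"], userId);
    }

    public static string EncryptToBase64(string pem, string plaintext)
    {
        string b64 = pem.Replace("-----BEGIN PUBLIC KEY-----", "").Replace("-----END PUBLIC KEY-----", "");
        byte[] der = Convert.FromBase64String(b64);                   // whitespace is ignored
        int pos = 0;
        ReadHeader(der, ref pos, 0x30);                               // SubjectPublicKeyInfo SEQUENCE
        int algLen = ReadHeader(der, ref pos, 0x30); pos += algLen;   // skip AlgorithmIdentifier
        ReadHeader(der, ref pos, 0x03); pos++;                        // BIT STRING, then unused-bits byte
        ReadHeader(der, ref pos, 0x30);                               // RSAPublicKey SEQUENCE
        byte[] modulus = ReadInteger(der, ref pos);                   // big-endian, as RSAParameters expects
        byte[] exponent = ReadInteger(der, ref pos);
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.ImportParameters(new RSAParameters { Modulus = modulus, Exponent = exponent });
            // true = OAEP padding (assumption). RSA only fits short inputs such as a user ID.
            return Convert.ToBase64String(rsa.Encrypt(Encoding.UTF8.GetBytes(plaintext), true));
        }
    }

    static int ReadHeader(byte[] d, ref int pos, byte tag)   // one DER tag + length; returns content length
    {
        if (d[pos++] != tag) throw new CryptographicException("Not an RSA SubjectPublicKeyInfo");
        int len = d[pos++];
        if (len < 0x80) return len;
        int n = len & 0x7F;
        for (len = 0; n > 0; n--) len = (len << 8) | d[pos++];
        return len;
    }

    static byte[] ReadInteger(byte[] d, ref int pos)
    {
        int len = ReadHeader(d, ref pos, 0x02);
        if (len > 1 && d[pos] == 0x00) { pos++; len--; }              // drop DER sign byte
        byte[] value = new byte[len];
        Buffer.BlockCopy(d, pos, value, 0, len);
        pos += len;
        return value;
    }
}
```

A public key can only encrypt, so values the partner sends back cannot be decrypted with it; that direction needs a key pair whose private half stays on the receiving server.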