.NET Encryption question

I need to talk to an Oracle database maintained by a large organization.  I'll be doing that with a .NET (Desktop) application.  Mostly it's straightforward, but I'm confused by my client's insistence that there be "encryption".   I get the feeling that this is more a CYA kind of request, as the information is not particularly sensitive.

I see encryption classes in .NET and I'm more than willing to dig into them, but I have a basic nagging question.   If I encrypt the information that I'm sending to these guys, how in the world would it be decrypted on their end?  I have absolutely no ability to influence or modify anything on their servers or database.   They've given me credentials with enough rights to run a couple of stored procedures, but that's it.

It seems to me that the communication channel should be encrypted (some kind of HTTPS thing?), and this should not have much else to do with my app.

Can someone give me a leg up here and educate me?   I'm not sure I'm going to get much cooperation on the other end.  I just have a requirement for "encryption" with no further explanation or guidance.

Dave Howe (Software and Hardware Engineer) commented:
Encrypt the connection, maybe?

Here is how you would do that in standard sqlnet....

BobSacks (Author) commented:
Thanks!  That's helpful, but it looks like it requires that THEY do something on their end.  Unclear to me that they are willing to do that.  I get the distinct feeling that they just want me to tell them that I "have encryption".

I very much appreciate your response.  Let's let this sit for a day or two to see what others might say.


Dave Howe (Software and Hardware Engineer) commented:
Sure, but in the meantime, you could ask them what algos they support on their side of the SQLNET link - if they come back with a list, then the problem is solved; if not, it gives them something to think about while you are waiting for other answers :)
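
As an added example (not part of the original thread and not Oracle's code), the sketch below models how Oracle Net native encryption is negotiated between the client and server settings `SQLNET.ENCRYPTION_CLIENT` and `SQLNET.ENCRYPTION_SERVER`, which is why the server's supported algorithm list matters. The function names and algorithm lists are hypothetical and constructed for illustration, and the model covers encryption only, not the separate checksum settings.

```python
# Simplified model of Oracle Net native encryption negotiation (added example).
# Levels are the documented values of SQLNET.ENCRYPTION_CLIENT / _SERVER.
LEVELS = ("REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED")
DEFAULT_LEVEL = "ACCEPTED"  # documented default when the parameter is not set


def negotiate(client_level, server_level, client_algs, server_algs):
    """Return ("ON", algorithm), ("OFF", None) or ("FAIL", reason)."""
    for level in (client_level, server_level):
        if level not in LEVELS:
            raise ValueError(f"unknown level: {level}")
    pair = {client_level, server_level}

    # One side insists and the other refuses: the connection is rejected.
    if "REQUIRED" in pair and "REJECTED" in pair:
        return ("FAIL", "levels incompatible")

    # Encryption is attempted only if at least one side asks for it
    # and neither side refuses it.
    wanted = bool(pair & {"REQUESTED", "REQUIRED"}) and "REJECTED" not in pair
    if not wanted:
        return ("OFF", None)

    # The server picks the first entry in its own list that the client offers.
    common = next((a for a in server_algs if a in client_algs), None)
    if common:
        return ("ON", common)
    # No shared algorithm: fatal only when one side made encryption mandatory.
    if "REQUIRED" in pair:
        return ("FAIL", "no common algorithm")
    return ("OFF", None)


def client_only_change(server_level=DEFAULT_LEVEL):
    """Outcome for a client that sets REQUIRED with AES256 only."""
    server_algs = ["AES256", "AES192", "AES128"]  # constructed server list
    return negotiate("REQUIRED", server_level, ["AES256"], server_algs)


if __name__ == "__main__":
    # Show what the same client setting yields against each server level.
    for level in LEVELS:
        print(f"server={level:<9} ->", client_only_change(level))
```

With the client set to REQUIRED, a session can never silently fall back to cleartext: it is either encrypted or refused, which is a result that can be reported back to whoever asked for "encryption".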

BobSacks (Author) commented:
Point taken...  let me toss this at them and see if anything productive comes back.  ;)

Thanks once again!

Rich Rumble (Security Samurai) commented:
You can't talk encrypted if they aren't listening... There has to be some Service Level Agreement between you two, they have to spell out the criteria, and you need to ask if the data might be subject to laws and regulations such as HIPAA, SOX, or PCI/DSS. Then if so, make sure you protect yourself from liability should they be compromised.

If they need guidance in those areas, they know they need encryption but don't know which or at what level (FIPS-140), then that has to be worked out first.

BobSacks (Author) commented:
Rich -  I have to smile.  I told my contact that someone was going to start talking about HIPAA,  Sarbanes-Oxley or FERPA eventually!     What you say is what I thought.  I don't have much experience with encryption, but it didn't seem logical that you could only do it on one end.

Thanks so much!

Dave Howe (Software and Hardware Engineer) commented:
Depends on what you are doing with it. If you are storing data for your own use (and only your own use) then you can encrypt it, store it, pull it back when you need it, then decrypt it again before using.

This is the model a lot of backup software now uses - data is encrypted before it goes to the backup device, and only the backup software can decrypt it but that's fine, only the backup software needs to :)

Alternatively, you could store the data encrypted, wait until they ask why it looks like random garbage, and then smile sweetly, give them the key and algo you chose, and let them worry about it. That (while enormously satisfying) isn't likely to result in positive feedback and your invoices paid though :)