In WCF, in both security mode (transport + message), does the sensitive data get encrypted twice?

    Question

  • Hello,

    In WCF, in both security mode (transport + message security), does the sensitive data get encrypted twice on the sender side? Please give examples/links of how to encrypt already encrypted data.

    Thanks in advance

    Tuesday, April 22, 2014 7:20 AM

Answers

  • Hi,
    >>sensitive data is first encrypted at message level and after that it is sent to SSL transport. Will this SSL transport encrypt the already encrypted data

    As I said in my first reply, message security will encrypt the data itself, so the data becomes encrypted data. Then in transport mode, it will encrypt the transport, not the data itself.

    For example, suppose you want to send some number on paper to somewhere. At the message level, you will encrypt the data with some key like HMAC SHA 256. Then in transport mode, you will put the paper in a secure car, so the transport is secure.

    Best Regards,
    Amy Peng




    Friday, May 02, 2014 2:01 AM
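
The layering discussed in this thread, as an added configuration example (not posted by anyone in the thread and not taken from the linked documentation). Binding names are hypothetical. In `TransportWithMessageCredential` mode the message layer carries only the client credential while TLS provides confidentiality, so the body is encrypted once; encrypting at both layers requires a custom binding that stacks WS-Security message protection over HTTPS.

```xml
<!-- Added example: binding names are hypothetical. -->
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <!-- Transport only: TLS encrypts the connection hop by hop;
           the SOAP body is not separately encrypted. -->
      <binding name="transportOnly">
        <security mode="Transport">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>

      <!-- Message only: WS-Security encrypts and signs the SOAP body
           end to end; the HTTP connection itself is not encrypted. -->
      <binding name="messageOnly">
        <security mode="Message">
          <message clientCredentialType="Certificate" />
        </security>
      </binding>

      <!-- Mixed mode: TLS provides confidentiality and integrity;
           the message layer only carries the client credential. -->
      <binding name="mixedMode">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>

    <customBinding>
      <!-- Both layers: the SOAP body is encrypted by WS-Security,
           then the resulting ciphertext is sent through a TLS tunnel. -->
      <binding name="messageOverHttps">
        <security authenticationMode="MutualCertificate" />
        <textMessageEncoding />
        <httpsTransport />
      </binding>
    </customBinding>
  </bindings>
</system.serviceModel>
```

With the last binding, TLS treats the already encrypted SOAP envelope as opaque bytes, so an intermediary that terminates TLS still cannot read the body.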

All replies

  • Hi,

    Transport Security

    When using transport security, the user credentials and claims are passed by using the transport layer. And each transport protocol (TCP, IPC, MSMQ, or HTTP) has its own mechanism for passing credentials and handling message protection.


    Message Security

    When using message security, the user credentials and claims are encapsulated in every message using the WS-Security specification to secure messages.


    So when using the message security mode, it will encrypt the message, but when using the transport security mode, it will encrypt the transport, not the message. So in my mind, if you transfer the sensitive data in the message mode, then it will encrypt the message twice.

    >>Please give examples/links of how to encrypt already encrypted data?

    Since your message is already encrypted, I suggest you use the transport mode. Then you can use Windows authentication or certificate authentication.

    #Transport Security with Windows Authentication:
    http://msdn.microsoft.com/en-us/library/ms733089(v=vs.110).aspx

    #Use Certificate Authentication and Transport Security in WCF:
    http://msdn.microsoft.com/en-us/library/ff650785.aspx


    Best Regards,
    Amy Peng


    Wednesday, April 23, 2014 6:54 AM
  • Hello,

    I mean, suppose we want to use BOTH (transport + message security) modes: the sensitive data is first encrypted at the message level and after that it is sent to the SSL transport. Will this SSL transport encrypt the already encrypted data?

    Thanks in advance


    • Edited by SixtyNine Wednesday, April 23, 2014 7:27 AM
    Wednesday, April 23, 2014 7:23 AM