Answered XML Digital Signatures - security question

  • 08 March 2012 10:21
     
     

    Basically, I've started from here...
    http://social.msdn.microsoft.com/Forums/en-US/clr/thread/90c5af5e-63f2-4bce-aa93-df4dedd9b4d4

    Here's what I've done:

    I've generated private/public keys from SHA1CryptoServiceProvider.
    Then with my private key I generated an xml file with an enveloped signature.
    When I go to read back that file, I need my public key.

    Now, suppose that some malicious user looks at the structure of the file; he can make his own copy with his keys, replace my public key with his own, and validate his file.

    Is there a way to prevent my XML file from being modified? Maybe encrypt that file?

    How can I secure my keys?

    Thanks

All Replies

  • 12 March 2012 6:39
    Moderator
     
     

    Hi DevRex,

    Welcome to the MSDN forum.

    According to your description, I think one possible way is to encrypt your XML file to prevent it from being modified.

    And there are some ways to reach the goal, such as Asymmetric Keys, Symmetric Keys, X.509 Certificates and so on. The following are some links related to encrypting an XML file for your reference; all of them have a decrypt solution:

    http://msdn.microsoft.com/en-us/library/ms229749.aspx 

    http://msdn.microsoft.com/en-us/library/ms229746.aspx

    http://msdn.microsoft.com/en-us/library/sb7w85t6.aspx

    http://msdn.microsoft.com/en-us/library/ms229744.aspx

    Hope it helps.


    Best Regards,
    Rocky Yue[MSFT]
    MSDN Community Support | Feedback to us

  • 12 March 2012 8:45
     
     

    Thank you for these useful links.

    In my scenario, I need to deploy my xml file.

    So when I create my keys locally, then I export the public key in an xml file with RSACryptoServiceProvider.ToXmlString() method and read back with RSACryptoServiceProvider.FromXmlString() method.

    Now here's a dumb question:

    Are there some benefits of using CspParameters.KeyContainerName? Or is it only for local usage?

    Thank you.


  • 13 March 2012 3:30
    Moderator
     
     

    As the MSDN documentation says: Asymmetric private keys should never be stored verbatim or in plain text on the local computer. If you need to store a private key, you should use a key container. One of the benefits of using it I think should be safety.

    And for local or network usage, I think it mainly depends on where the XML string comes from. You can try to load an XML from a net site.

    The following is an example for your reference:

    http://msdn.microsoft.com/en-us/library/tswxhw92(v=vs.80).aspx 

    Hope it helps.


    Best Regards,
    Rocky Yue[MSFT]
    MSDN Community Support | Feedback to us

    • Proposed as Answer by Lie You (Moderator) 15 March 2012 3:34
    • Unproposed as Answer by DevRex 19 March 2012 11:16
  • 13 March 2012 9:07
     
     Answer

    Thank you for the reply.

    I was a bit confused between Encryption/Decryption and Digital signatures.

    I looked HERE, and now my ideas are a little clearer.

    Basically, I cannot Encrypt with my private key and decrypt with my public key.

    I've already signed my document with an enveloped Digital Signature and I think that using the RSACryptoServiceProvider class with SignData/VerifyData methods is OK...

    Thank you for your help.




    • Edited by DevRex 19 March 2012 11:17
    • Marked as Answer by DevRex 19 March 2012 11:17
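
The key-substitution concern from the original question, as an added example that is not code from any poster in this thread: a signature checked against a public key that ships with the file only shows the file is self-consistent, while a check against a public key the verifier already holds rejects a re-signed copy. The sample documents, the variable names and the in-process key generation are assumptions made for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PinnedKeyDemo
{
    static byte[] Sign(RSA key, byte[] data) =>
        key.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    // Verify against a public key given as XML (the ToXmlString(false) format).
    static bool Verify(string publicKeyXml, byte[] data, byte[] signature)
    {
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.FromXmlString(publicKeyXml);
            return rsa.VerifyData(data, signature,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static void Main()
    {
        using (var publisher = new RSACryptoServiceProvider(2048))
        using (var other = new RSACryptoServiceProvider(2048))
        {
            // Assumption: in a deployed verifier this string is compiled in or installed
            // with the application. It is generated here only to keep the demo offline.
            string pinnedKey = publisher.ToXmlString(false);

            // Constructed sample documents.
            byte[] original = Encoding.UTF8.GetBytes("<doc><owner>alice</owner></doc>");
            byte[] modified = Encoding.UTF8.GetBytes("<doc><owner>mallory</owner></doc>");

            byte[] originalSig = Sign(publisher, original);
            // A modified copy re-signed with a different key pair, delivered together
            // with that key pair's public half (the case described in the question).
            byte[] modifiedSig = Sign(other, modified);
            string bundledKey = other.ToXmlString(false);

            Console.WriteLine("bundled key, modified doc: {0}", Verify(bundledKey, modified, modifiedSig));
            Console.WriteLine("pinned key,  modified doc: {0}", Verify(pinnedKey, modified, modifiedSig));
            Console.WriteLine("pinned key,  original doc: {0}", Verify(pinnedKey, original, originalSig));
        }
    }
}
```

The same rule applies to an enveloped signature checked with SignedXml: pass the key the verifier already trusts to CheckSignature(key) instead of relying on the key information embedded in the document.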