symmetric and asymmetric encryption

  • Question

  • I have a requirement where I have to encrypt a string on Server A and decrypt on Server B and vice versa. For this I have used the symmetric Rijndael algorithm, where I have written the .cs file containing the necessary function to perform the operations. I am planning to place the .cs file on both the servers and make use of the functions as necessary. Would this approach be correct?
    Wednesday, June 15, 2011 6:17 AM

Answers

  • Hi,

    Yes, that approach would be fine. It does mean there will be redundant and duplicated code on each of the servers. Server A will have decryption code, which it doesn't need, and this code would be on Server B.... meaning if the code does change it needs to be updated in both places.

    Best bet is to have only the encryption code on Server A and the decryption code on Server B.


    "The programmer, like the poet, works only slightly removed from pure thought-stuff. He builds his castles in the air, from air, creating by exertion of the imagination." - Fred Brooks
    Wednesday, June 15, 2011 7:10 AM
  • Placing the .cs file on a server isn't going to do anyone any good.

    I assume what you mean is compile the same CS file including the encdec routines into assemblies which will be available on both the client and the server.

    And yes, that is fine.  The routines themselves are not special.  The real question you should be asking is how you are protecting your encryption keys, because that's what matters.  Generally the client has the public key and the server has the private key, although there are a variety of techniques.  The Wikipedia article on public key cryptography is pretty good.

    Evan

    Wednesday, June 15, 2011 6:43 PM
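
The key-protection point raised in the answers, as an added example that is not code from the original thread: one shared class compiled into both servers' assemblies, with the key supplied from outside the code. It uses AES-GCM (AES is the standardized form of Rijndael) rather than the poster's own routine, and assumes .NET 8 or later; `SharedCrypto`, `LoadKey` and the `APP_ENC_KEY` environment variable are hypothetical names, with the variable standing in for whatever protected key store each server uses.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: SharedCrypto, LoadKey and APP_ENC_KEY are hypothetical names.
public static class SharedCrypto
{
    const int NonceSize = 12, TagSize = 16;

    // The key comes from outside the assembly (here an environment variable
    // holding Base64), so shipping the same code to both servers exposes no secret.
    public static byte[] LoadKey(string name = "APP_ENC_KEY")
    {
        string b64 = Environment.GetEnvironmentVariable(name)
            ?? throw new InvalidOperationException(name + " is not set");
        byte[] key = Convert.FromBase64String(b64);
        if (key.Length != 32) throw new CryptographicException("expected a 256-bit key");
        return key;
    }

    // Output: Base64(nonce || tag || ciphertext), with a fresh random nonce per message.
    public static string Encrypt(string plaintext, byte[] key)
    {
        byte[] pt = Encoding.UTF8.GetBytes(plaintext);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize);
        byte[] tag = new byte[TagSize], ct = new byte[pt.Length];
        using (var aes = new AesGcm(key, TagSize)) aes.Encrypt(nonce, pt, ct, tag);
        byte[] packed = new byte[NonceSize + TagSize + ct.Length];
        nonce.CopyTo(packed, 0);
        tag.CopyTo(packed, NonceSize);
        ct.CopyTo(packed, NonceSize + TagSize);
        return Convert.ToBase64String(packed);
    }

    // Throws CryptographicException if the message was altered or the key differs.
    public static string Decrypt(string message, byte[] key)
    {
        byte[] packed = Convert.FromBase64String(message);
        if (packed.Length < NonceSize + TagSize) throw new CryptographicException("message too short");
        byte[] nonce = packed[..NonceSize];
        byte[] tag = packed[NonceSize..(NonceSize + TagSize)];
        byte[] ct = packed[(NonceSize + TagSize)..];
        byte[] pt = new byte[ct.Length];
        using (var aes = new AesGcm(key, TagSize)) aes.Decrypt(nonce, ct, tag, pt);
        return Encoding.UTF8.GetString(pt);
    }
}
```

Each server calls `SharedCrypto.LoadKey()` once at startup and passes the result to `Encrypt` and `Decrypt`.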
