Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / April 2005

Tip: Looking for answers? Try searching our database.

Encryption Problem

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
John Wieland - 26 Apr 2005 07:10 GMT
Hi,
I'm working on a small client/server application which communicates using
SOAP messages secured by the new WSE2.0 Encryption and Digital Signature.

I've been finding that when I send a message encrypted with someones public
key that the other end can then decrypt the message with only the public key
certificate present in the certificate store. If the certificate with the
public key is not present in the certificate store then the message is
rejected. As soon as I install the certificate which only has the public key
in it to the certificate store the message is decrypted and allowed through
the SOAP filters.

This is a pretty big problem as public certificates are intended to be just
that, "Public", and be publicly available by some means. So what good is
encrypting a message if anyone with the public certificate is able to decrypt
it? Is there a setting I am not aware of?

Thanks
John Wieland jwieland@spyrus.com.au
Reply to this Message
Hernan de Lahitte - 27 Apr 2005 13:56 GMT
As you stated right, you need only the public key to encrypt the message and
the private key associated to that public key to decrypt that message. I
would suggest you to verify if you don't have a private key installed on
your server testing machine. Try with some certificate that you never
installed on that machine and send the encrypted message from another
machine so you may be sure that on the server side you are not using the
private key associated to the public key you are using to encrypt on the
client side.

Signature

Hernan de Lahitte
http://clariusconsulting.net/hdl

> Hi,
> I'm working on a small client/server application which communicates using
[quoted text clipped - 21 lines]
> Thanks
> John Wieland jwieland@spyrus.com.au
Reply to this Message
John - 29 Apr 2005 02:36 GMT
Thanks Hernan,
When I tried encrypting a message using a Public Cert for which I could not
possibly access the private cert (another staff member in a far off location)
the encryption works as expected.

I guess there must be some issues with Microsofts Certificate Store or
myself not deleting keys correctly. Any ideas what I may be doing wrong? I
usually just go into Certificate Store through mmc and delete the private
certificates from there using right-click->delete.

Cheers
John

> As you stated right, you need only the public key to encrypt the message and
> the private key associated to that public key to decrypt that message. I
[quoted text clipped - 30 lines]
> > Thanks
> > John Wieland jwieland@spyrus.com.au
Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.