Making your application data secure in .NET by RSA encryption

Technorati Tags:

Being an web site owner, make your life S**k.  Its not that, having a personal site is bad, its feel great, but maintaining it is the hard part. first you have to keep it looking cool, and somewhat secure enough that some maniac can't hack it (at least easily), besides other overheads of uploading your pages via FTP to web server.

One day, I was trying to upload the pages to an FTP, but damn the "Trial version expired" popped up. Since, I was f**ked up using trial and "free" wares. So, I decided to make my own FTP client in .net.

The among the initial problems, that I got across during development was making password and other data secure, for that I relied on encrypting data by RSA, and serializing it to a binary file. The .NET here comes to rescue (I didn't need to implement RSA).

The .NET framework provides the RSACryptoServiceProvider namespace that provides seamless RSA encryption and decryption functions.

Here is how it goes:

using System.Security.Cryptography;

RSACryptoServiceProvider RSCP = new RSACryptoServiceProvider();

//Encryption: Encrypts an normal byte[]

Byte[] RSCP.Encrypt(Byte[] string, bool fOAEP)

//Decryption:Decrypts an encrypted byte[]

Byte[] RSCP.Decrypt(Byte[] string, bool fOAEP)

You need to use same RSACryptoServiceProvider for encryption and decryption, so you will need to serialize the RSACryptoServiceProvider object to physical memory.

RSACryptoServiceProvider provides 2 functions for this

For Binary (using Binary Formatter) serialization:

RSCP.ExportCSPBlob(bool)

RSCP.ImportCSPBlob(byte[])

Form XML (Using Soap formatter) serialization:

RSCP.ToXmlString(bool)

RSCP.FromXmlString(string XMLString)

To use serialization you have to include following namespaces:

System.Runtime.Serialization;
System.Runtime.Serialization.Formatters.Binary;
System.Runtime.Serialization.Formatters.Soap;

they allow you to save the serialize object to a file stream.

So, Secure computing made easy!!

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.