.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

.net cryptography: Encrypting symmetric key using x509certificate's public key

Posted By:      Posted Date: September 28, 2010    Points: 0   Category :.NET Framework


I am trying to encrypt my symmetric key using the public key in an x509certificate. I am using x509certificate2.getPublicKey() to get the public key in form of byte array.

However, i have generated my symmetric key for RC4 using pinvoke CryptGenKey api which is essentially an IntPtr.

Also, I know that inside a certificate there is a field called keyAlgorithm. I need to encrypt the session key with this same algorithm so that client can easily decrypt it (remember, i have no control over the client code so this behaviour cannot be changed).

Could someone please help as to how I can encrypt my RC4 session key using the public key in the certificate (preferably in managed code).




View Complete Post

More Related Resource Links

Cryptography Application Block -- Symmetric Only?!

I am in the planning stages of developing an application and have been hoping to take advantages of the enterprise library.  I just noticed however that the Cryptography Application Block does NOT support asymmetric algorithms?  This is rather surprising.  On this topic i have a couple questions:   1- Why does the library presently only support symmetric algorithms?  2- When will support for asymmetric cryptographic algorithms be added to the library? 3- Does the enterprise library have the extensibility to allow one to implement additional algorithms for improved security in non-trusted deployment scenarios?   Thanks and best regards, Michael

symmetric key protected by a password

An alternative could be using a symmetric key protected by a password, as long as your application generates the CREATE SYMMETRIC KEY and OPEN SYMMETRIC KEY statements directly instead of calling them inside a SP (otherwise the password will still be passed as a parameter, and will be in clear in the profiler).

Public Shared function doubt????

I am using VB.net/ASP.NET and SQL Server 2000 for a web application.

For populating the dropdowns, I wrote a Public Shared function LoadDDL(), in which I pass the dataset and dropdown name to set.

I have my doubts that this function will produce unexpected results for concurrent users. And will mix the results among sessions because it is a Shared function.

I am confused here. Is it the right way to go?

Please advice. Thanks in advance.


NUnit and public static readonly


I have an app that I am testing with NUNit.  The project im testing has several helper classes that are created as public static readonly.  When I run the NUnit tests, they all fail with the same error

SetUp : System.TypeInitializationException : The type initializer for 'Systems.Utils.ConstantHelpers' threw an exception.
  ----> System.NullReferenceException : Object reference not set to an instance of an object.
SetUp : System.TypeInitializationException : The type initializer for 'Systems.Utils.ConstantHelpers' threw an exception.
  ----> System.NullReferenceException : Object reference not set to an instance of an object.

I kept getting this error despite stripping out all

Security: Applying Cryptography Using The CNG API In Windows Vista


Cryptography Next Generation (CNG) is meant to be a long-term replacement for the CryptoAPI, providing replacements for all of the cryptographic primitives it offered.

Kenny Kerr

MSDN Magazine July 2007

Security Briefs: Encrypting Without Secrets


Do you have a Web site or other system that deals in secrets of any sort? It seems like every time I give a security talk, people ask how to deal with the sticky problem of storing secrets. Connection strings with passwords are an obvious problem.

Keith Brown

MSDN Magazine January 2006

Cryptography: Employ Strong Encryption in Your Apps with Our CryptoUtility Component


When storing sensitive data, you need to be able to identify threats, determine how these threats interact with each other, and how issues can combine to constitute a vulnerability that will leave your data exposed. With a good understanding of the various cryptographic algorithms, salt, hashes, ACLs, and other available techniques, you'll be in a better position to protect your critical data.

Michael Stuart and J Sawyer

MSDN Magazine November 2004

Security: Protect Private Data with the Cryptography Namespaces of the .NET Framework


The .NET Framework includes a set of cryptographic services that extend the services provided by Windows through the Crypto API. In this article, the author explores the System.Security.Cryptography namespace and the programming model used to apply cryptographic transformations. He discusses reasons why cryptography is easier in .NET than it was before, including the easy programmatic acccess developers have to the cryptography APIs and the difference between symmetric and asymmetric algorithms. Along the way, a brief discussion of the most widely used algorithms, including RSA, DSA, Rijndael, SHA, and other hash algorithms, is provided.

Dan Fox

MSDN Magazine June 2002

Security.Cryptography Vs CAPICOM



I hope this is the right place to write this question.

I have an old system written in ASP that uses Capicom and made encryption to MD5.

In the system I am now building I wish to use the  .NET Security.Cryptography class to hash to MD5 - but I have a problem - the hashing result for a string is different from Capicom and the Security.Cryptography MD5.

How could that be?

Symmetric Key Encryption on the Compact Framework

There are two main types of encryption algorithms available within the .NET Compact Framework - symmetric and asymmetric encryption. This blog entry will discuss how to utilise symmetric key encryption, but first we have to outline the difference between Symmetric and Asymmetric encryption (I will discuss asymmetric key encryption in a future blog entry).

Symmetric and Asymmetric Key Encryption
Symmetric encryption algorithms (also known as ciphers) process plain text with a secret encryption key to create encrypted data (called cipher text). The same secret key is used to decrypt the cipher text back to plain text.

Asymmetric encryption (also known as public-key encryption) is a cryptography technique that uses public and private key pairs to encrypt and decrypt data respectably. The private key is a closely guarded secret, while the public key can be freely distributed over untrusted networks. You do not worry who has your public key (you could print it on a 100foot tall banner if you so desired), but you must keep your private key secret.

Encrypting and Decrypting Data


Hi all,

I have a webApplication in which i want to encrypt the data using Public key and whan it reach to the destination webapplication it will decrypted there with corresponding private key . Is there is any way to creating this pair of key? Is there is other way of doing this.Pls. Suggest.......

Encrypting/Decrypting web.config sections in ASP.Net

The article Encrypting/Decrypting web.config sections in ASP.Net was added by ujjwaladatta on Thursday, August 26, 2010.

Encrypting/Decrypting web.config sections in ASP.Net using System.Configuration; using System.Web.Configuration; public partial class _Default : System.Web.UI.Page { protected void Encripting_Click(object sender, EventArgs e) { EncriptSection("appSettings"

public object on asp,net page


in asp.net can i make public objects on my page, for example

public Customer cust1 = new customer();

and use this object on my entire code???

what are the drawbacks of creating public objects??

a single object will be created for all users??? or each user will have a different object????

OPEN SYMMETRIC KEY - Persist Across Sessions

We have a client .NET WPF application which connects to a local SQL 2008 Express server.  We are using symmetric SQL encryption to encrypt some columns.  In order to encrypt or decrypt, we must first open the symmetric key.  We have a logon trigger which opens the key automatically for us. Unfortunately, the key is opened A LOT due to the key being closed after each session closes.  This causes the CPU to peg at 100%.  We are using connection pooling and it would be wonderful to have the key remain open across sessions.  Anyone have any thoughts on how to do this?

How do I publish public facing SharePoint site(on internet)?

I developed public facing SharePoint 2010 portal publishing website using Window Server 2008 R2 and SharePoint 2010 Server and SPD 2010 on my computer. I have custom master page, page layout, css…. I want to publish it(on the internet).  I want to know cheap host and domain name service provider Company and steps to do it. I’ appreciate any advice in advance.

Public WCF services for testing clients

I try to find some (public) WCF services out there, but do not succeed. I want to talk to some for testing my work with clients. Any list ?
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend