ElMessageEncryptor/ElMessageDecryptor

#11143
Posted: 09/28/2009 03:39:50
by Chris Tulabut (Basic support level)
Joined: 07/04/2009
Posts: 6

Hi,

I have successfully implemented a hybrid cryptosystem using the TelAsymmetricCrypto/TelSymmetricCrypto (RSA/AES) classes.

1. Will the ElMessageEncryptor and ElMessageDecryptor classes be a better substitute?

2. The ElMessageEncryptor/ElMessageDecryptor Algorithm property can only be set to symmetric algorithms, and the classes require certificates/private keys for encryption/decryption. As far as I know, certificates/private keys are used for asymmetric algorithms and a secret key is used for symmetric algorithms. Could you please tell me why the ElMessageEncryptor/ElMessageDecryptor algorithms are symmetric but they require certificates/private keys?

3. ElMessageEncryptor/ElMessageDecryptor has a CertStore property. Does this mean that the data I'm encrypting will be encrypted using ALL of the certificates in the certificate store? (If so, I like this one, since in my hybrid cryptosystem I have to encrypt data certificate by certificate.)

thanks,
chris
#11144
Posted: 09/28/2009 04:12:02
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

Quote
1. Will the ElMessageEncryptor and ElMessageDecryptor classes be a better substitute?

It depends on the specifics of the particular system. Actually, these classes work with PKCS#7-formatted messages, and PKCS#7 is just a standardized way of representing symmetrically/asymmetrically encrypted data.

Quote
Could you please tell me why ElMessageEncryptor/ElMessageDecryptor algorithms are symmetric but they require certificates/private keys.

According to the PKCS#7 standard (actually, such an approach is applicable for any asymmetric cryptosystem), the data is encrypted in two steps:
1) the data itself is encrypted using a symmetric cipher with a randomly generated key,
2) the symmetric key is encrypted with an asymmetric public key.

The asymmetric algorithm is taken from the recipient's certificate. That's why there's no property reserved for it.

Quote
Does this mean that the data I'm encrypting will be encrypted using ALL of the certificates in the certificate store?

Yes. Every recipient whose certificate was present in the supplied certificate storage will be able to decrypt the data encrypted in such a way using his private key.
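The two-step scheme described in the reply above, written out as an added example that is not part of the original thread and not SecureBlackbox code. It builds a simplified envelope (the struct and field names are this example's own stand-ins for PKCS#7 EnvelopedData/RecipientInfo, and recipients are labelled by a plain string rather than a certificate issuer and serial number) using the Go standard library: a fresh random AES-256 key encrypts the content once, and that key is then wrapped with RSA-OAEP for every public key in the "store". The round-trip shows that each listed recipient decrypts with its own private key, while a key that was not in the store fails, which is the behaviour the answer describes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// RecipientInfo holds the content-encryption key (CEK) wrapped for one recipient.
// Real PKCS#7 identifies the recipient by certificate issuer and serial number;
// here a plain string label (an assumption of this example) stands in for that.
type RecipientInfo struct {
	KeyID        string
	EncryptedCEK []byte // RSA-OAEP ciphertext of the CEK
}

// Envelope is a simplified stand-in for PKCS#7 EnvelopedData: one symmetric
// ciphertext plus one wrapped CEK per recipient. Field names are this
// example's own, not the ASN.1 names from the standard.
type Envelope struct {
	Recipients []RecipientInfo
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM output, authentication tag included
}

func newGCM(cek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(cek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt performs the two steps from the reply: encrypt the data with a fresh
// random symmetric key, then wrap that same key with every recipient's public key.
func Encrypt(plaintext []byte, recipients map[string]*rsa.PublicKey) (*Envelope, error) {
	cek := make([]byte, 32) // AES-256 content-encryption key
	if _, err := rand.Read(cek); err != nil {
		return nil, err
	}
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}
	for id, pub := range recipients {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, cek, nil)
		if err != nil {
			return nil, err
		}
		env.Recipients = append(env.Recipients, RecipientInfo{KeyID: id, EncryptedCEK: wrapped})
	}
	return env, nil
}

// Decrypt runs the steps backwards for one recipient: locate that recipient's
// wrapped CEK, unwrap it with the private key, then decrypt the content.
func Decrypt(env *Envelope, keyID string, priv *rsa.PrivateKey) ([]byte, error) {
	var wrapped []byte
	for _, r := range env.Recipients {
		if r.KeyID == keyID {
			wrapped = r.EncryptedCEK
			break
		}
	}
	if wrapped == nil {
		return nil, errors.New("no RecipientInfo for " + keyID + ": not an intended recipient")
	}
	cek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err // wrong private key: the OAEP padding check fails
	}
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// RoundTrip demonstrates the multi-recipient behaviour on a constructed message:
// both keys from the "store" decrypt, a third key that was not in it cannot.
func RoundTrip() (bool, error) {
	keys := map[string]*rsa.PrivateKey{}
	for _, name := range []string{"alice", "bob", "mallory"} {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return false, err
		}
		keys[name] = k
	}
	msg := []byte("constructed sample message")
	store := map[string]*rsa.PublicKey{"alice": &keys["alice"].PublicKey, "bob": &keys["bob"].PublicKey}
	env, err := Encrypt(msg, store)
	if err != nil {
		return false, err
	}
	for _, id := range []string{"alice", "bob"} {
		pt, err := Decrypt(env, id, keys[id])
		if err != nil || !bytes.Equal(pt, msg) {
			return false, fmt.Errorf("%s could not decrypt: %v", id, err)
		}
	}
	if _, err := Decrypt(env, "mallory", keys["mallory"]); err == nil {
		return false, errors.New("outsider decrypted the envelope")
	}
	if _, err := Decrypt(env, "alice", keys["mallory"]); err == nil {
		return false, errors.New("wrong private key accepted for alice's slot")
	}
	return true, nil
}

func main() {
	ok, err := RoundTrip()
	fmt.Println("round trip ok:", ok, "error:", err)
}
```

The content is encrypted exactly once regardless of how many recipients there are; only the small wrapped-key records grow with the recipient list, which is the saving over encrypting the whole payload certificate by certificate. Real PKCS#7 wraps the CEK with RSA PKCS#1 v1.5 or OAEP as indicated by the recipient certificate; OAEP is used here because it is the one to prefer when you control both ends.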
#11148
Posted: 09/28/2009 05:20:04
by Chris Tulabut (Basic support level)
Joined: 07/04/2009
Posts: 6

Hmmm... looks like I need to read a little bit more about PKCS#7.
So when I call ElMessageEncryptor.Encrypt
this is what happens:

1. The actual data is encrypted using a generated SYMMETRIC KEY. The encrypting algorithm is specified by ElMessageEncryptor.Algorithm.

2. The SYMMETRIC KEY is encrypted using the public key(s) of the certificate(s) located in the certificate storage. The encrypting algorithm is specified by the certificates themselves.

3. The result of ElMessageEncryptor.Encrypt = Encrypted Data + Encrypted Key.

4. ElMessageDecryptor.Decrypt will "disassemble" the ciphered data into Encrypted Data and Encrypted Key.

5. ElMessageDecryptor does the rest backwards...

thanks,
chris
