Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Encryption in C# Web-Services

I'm looking for a simple way to encrypt my soap communication in my C# Web-Service.

I was looking into WSE 3.0 but it seems Microsoft dropped support for it, and therefore it's not straightforward to use.
It seems WCF could've been an option but I prefer not to upgrade from .NET 2.0 .

Any simple, straightforward encryption method?

like image 346
David Berlin Avatar asked Aug 20 '08 17:08

David Berlin


People also ask

What are the encryption in C?

Secret key encryption with a random key Authenticated Encryption. Secret key encryption with a key derived from a passphrase Key Derivation. Hybrid encryption with Key Agreement. Public Key Encryption.

What is encryption with example?

Encryption is an important way for individuals and companies to protect sensitive information from hacking. For example, websites that transmit credit card and bank account numbers encrypt this information to prevent identity theft and fraud.

What is meant by encryption and decryption in C?

Encryption is the process of translating plain text data (plaintext) into something that appears to be random and meaningless (ciphertext). Decryption is the process of converting ciphertext back to plaintext.

What is encrypt in programming?

Encryption is used to keep data secret. In its simplest form, a file or data transmission is garbled so that only authorised people with a secret key can unlock the original text.


2 Answers

I think this can help; last year we used this to compress the webservices and it performed very well, I believe it could be enhanced with encryption classes;

Creating Custom SOAP Extensions - Compression Extension

like image 56
Nelson Miranda Avatar answered Sep 22 '22 09:09

Nelson Miranda


Anything you do to provide "encryption" that isn't using SSL/TLS is likely to be vulnerable. Now you have to ask yourself, is it worth burning dev hours you could be spending on features on a rubber-chicken security measure? Maybe it is.

.NET APIs like DPAPI and the Win32 crypt32 API make it easy to encrypt blobs of data with static keys. But how will your clients receive the keys? Any installed SOAP client will have to either have the key burned into its configuration, or receive it over the insecure Internet.

This is the problem SSL/TLS solves for you; the dance you do with TLS certificates is what solves the problem of communicating public keys over untrusted channels.

like image 43
tqbf Avatar answered Sep 24 '22 09:09

tqbf