Menu
I am using NServiceBus with MSMQ between my web application and service and I need to be able to encrypt the message payload so that if a message gets queued locally on the web server (service host is down) that sensitive data can't be viewed.
Because the web server is public facing, I am not only required to encrypt data that may be serialized to disk in anyway, but I also cannot store the encryption key on the web server.
I've considered using DPAPI to store the key, but since the key would be stored on the host I don't know yet if that runs afoul of the requirement or not. The other option I have considered is that when the web application starts it could request the key from a service and hold it in memory for the life of the application pool.
I haven't had to work with this level of requirement on encryption before and would like to find out what others are doing and get some feedback on the ideas mentioned above.
257
The encryption key is created and stored on the key management server. The key manager creates the encryption key through the use of a cryptographically secure random bit generator and stores the key, along with all it's attributes, into the key storage database.
Private key allows owner to decrypt, public key allows owner to encrypt something private key owner can decrypt. Let's say user wants to login onto a server using this auth scheme. In Unix systems, public key is put on the server, private key is used to generate a signature for the server to verify.
Public key cryptography is often used for email traffic, such as with the standard encryption method S/MIME, for digital signatures as well as for cryptographic protocols such as SSL/TLS, SSH, and HTTPS.
Can you use public/private key encryption? Then you only need to public key on the server, and the data is decrypted using the private key elsewhere.
193
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
