Data can be encrypted using symmetric or asymmetric cryptographic keys.

Symmetric encryption uses the same key to encrypt and to decrypt the message. Both parties exchanging the message have to know the key, so key distribution is a problem. For security, if more than one sender is involved, each sender has to have its own key. A symmetric cipher like AES uses a 128, 192 or 256-bit key.

Asymmetric encryption involves two keys: a public key to encrypt and a private key to decrypt the message. The public key is given to the sender, while the private key is known only to the receiver. Hence all senders can use the same public key to send messages. This solves the key distribution problem of symmetric keys. Asymmetric keys like RSA come in lengths of 1024, 2048 or 4096 bits; the longer the key, the greater the security. Asymmetric operations, with their longer keys, are slower than symmetric ones.

In the standard process of secure data exchange, both symmetric and asymmetric encryption are used. Since symmetric encryption is fast, it is used to encrypt the message. The symmetric key is then encrypted with the asymmetric (public) key. The resulting ciphertexts are appended together and transmitted to the receiver. The receiver uses the private key to decrypt the symmetric key, which is then used to decrypt the message.

To create a custom RSA key container on Windows Server, the user creating the key needs Read/Write permission on the “\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA” folder. RSA keys are stored in the secure RSA\MachineKeys folder.

Execute the following command with administrative rights:

aspnet_regiis -pc "MyRSAKey" -exp

aspnet_regiis is available under \WINDOWS\Microsoft.Net\Framework\v4.0.*.

The -pc option creates the key container.
The -exp option makes the key exportable. This is very important if you ever need to export the key to another server.

You can find more detail about creating and exporting RSA keys here.

The default key size is 1024 bits. It is recommended to use 2048 bits or higher. The -size parameter does not seem to work with the aspnet_regiis command; if you use it, verify the resulting key size.

You also need to grant permission to the account that needs access to the key:

aspnet_regiis -pa "MyRSAKey" "NT AUTHORITY\NETWORK SERVICE"

You can also create the key using the code below:

Below is the code snippet for encryption and decryption using AES and RSA keys:
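The hybrid scheme described above (AES for the message, RSA for the AES key) as an added example, not the post's own snippet. It assumes the machine-level container "MyRSAKey" created with aspnet_regiis -pc and that the running account was granted access with aspnet_regiis -pa; the blob layout is the example's own choice.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example (assumption: container "MyRSAKey" exists in the machine key store).
static class HybridCrypto
{
    static RSACryptoServiceProvider OpenContainer() => new RSACryptoServiceProvider(
        new CspParameters { KeyContainerName = "MyRSAKey",
                            Flags = CspProviderFlags.UseMachineKeyStore | CspProviderFlags.UseExistingKey });

    // Blob layout: [4-byte length][RSA-OAEP wrapped AES key][16-byte IV][AES-CBC ciphertext]
    public static byte[] Encrypt(string plaintext)
    {
        using (var rsa = OpenContainer())
        using (var aes = Aes.Create())
        using (var ms = new MemoryStream())
        {
            aes.KeySize = 256;                               // fresh random key and IV per message
            byte[] wrappedKey = rsa.Encrypt(aes.Key, true);  // true = OAEP padding, not PKCS#1 v1.5
            ms.Write(BitConverter.GetBytes(wrappedKey.Length), 0, 4);
            ms.Write(wrappedKey, 0, wrappedKey.Length);
            ms.Write(aes.IV, 0, aes.IV.Length);
            using (var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
            {
                byte[] data = Encoding.UTF8.GetBytes(plaintext);
                cs.Write(data, 0, data.Length);
                cs.FlushFinalBlock();
            }
            return ms.ToArray();                             // valid even after the stream is closed
        }
    }

    public static string Decrypt(byte[] blob)
    {
        using (var rsa = OpenContainer())
        using (var aes = Aes.Create())
        {
            int keyLen = BitConverter.ToInt32(blob, 0);
            byte[] wrappedKey = new byte[keyLen], iv = new byte[16];
            Buffer.BlockCopy(blob, 4, wrappedKey, 0, keyLen);
            Buffer.BlockCopy(blob, 4 + keyLen, iv, 0, 16);
            aes.Key = rsa.Decrypt(wrappedKey, true);         // private key never leaves the container
            aes.IV = iv;
            byte[] plain = aes.CreateDecryptor().TransformFinalBlock(
                blob, 4 + keyLen + 16, blob.Length - 4 - keyLen - 16);
            return Encoding.UTF8.GetString(plain);
        }
    }
}
```

AES-CBC on its own gives confidentiality but no integrity, so a receiver cannot tell a tampered blob from a genuine one; add an HMAC over the blob or use an authenticated mode such as AES-GCM (AesGcm in .NET Core 3.0 and later) in production.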

Any questions and comments are welcome!!!

Happy Encrypting!!!


Data Encryption using Symmetric and Asymmetric key