We're developing a service that will accept a POST request, and some of the POST data will need to be encypted before the POST as it will be stored in hidden fields on a form.

The application is written in C# but we want third party clients to be able to easily integrate with it. We find that most clients use PHP, Classic ASP or VB.Net.

The third parties should only be doing the encryption and we'd do the decryption there is no two-way communication.

What are the most compatible combinations of encryption algorithm, padding mode and other options?

Accepted Answer

Assuming that you have a safe way of sharing a key (whether RSA encryption of it, retrieval over an SSH or HTTPS link, or callling the other developer on a secured phone line), any of the major modern encryptions (like AES, as mentioned by @Ed Haber) would be suitable. I would second his suggestion of AES. There should be libraries for PHP, VB, Ruby, etc.

However, remember that with "no two-way communication" you will have to find an out-of-channel method for securely getting the symmetric key to the encrypting party.

Written by Ben Doom
This page was build to provide you fast access to the question and the direct accepted answer.
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki