Not a long time ago I discovered RSA Encryption / Decryption and I have some little experience. Currently I'm developing an application in C# which has to send to my server some sensitive information. Can I encrypt that information locally in C# program, send it to server, and than decrypt it (using a PHP script)? Is that enough to make sure nobody can see the original info excepting server and client?

EDIT: Client (C# app) doesn't have to decrypt any information, so the private key will be stored only on the remote webserver (server-side of course).

Accepted Answer

Possible? Yes. Tricky? VERY yes. Using RSA directly is not easy; you need to be careful to use padding properly, sign the data as well to avoid data-manipulation attacks, etc etc.

I would recommend you simply use SSL - hard-code the acceptable certificate in your client, and verify that's the certificate of the server you're connecting to. Then the SSL library will take care of all the tricky details for you. You could also consider invoking GnuPG, or using some other similar library if you are doing some kind of batch-like transfer.

Written by bdonlan
This page was build to provide you fast access to the question and the direct accepted answer.
The content is written by members of the community.
It is licensed under cc-wiki