Passing around encryption keys...

[Scott Meddows]

I have a need to encrypt data coming from and to a server. I've decided to
use custom soap headers and attributes to do this (Not using the WSE).

I'm the first one to admit. I'm a poon when it comes to encryption. This is
a little flowchart of what I need to do...

On the client side, retrieve a user name and password from a user. Create
an RSA key and using the public key fixed on the server, encrypt the
password and pass that to the server for authentication. Once the user is
authenticated, I'll encrypt a symmetric key (That is generated every day
new) and pass that back to the user using the original public key passed
from the client (To ensure my secret stays a secret). Then cache that in
memory to decrypt all further communications.

Here is my problem. I've tried this every way I can think of. But not
knowing too much about encryption I am mostly shooting in the dark. Is
there a quick example of just the code to do this? I can add custom headers
to the SOAP message. Or is there an example of how to do this (Preferably
VB.net but can port from C#)

Thanks a lot!! My boss and I will thank you!

 

[Scott Meddows]

Will I need to deploy any DLLs to the client with using this? This is
really what I am trying to avoid. I'll like this app to be web deployable.