I am implementing payment gateways and I need to protect its key and password for security reason. Also some web-services keys and password in ASP.NET.
Any ideas on how to implement them?
You can encrypt/decrypt using RSA Encryption.
It's a secure way and uses asymmetric cryptography.
In JavaScript you can use RSA In JavaScript by ohdave
And in ASP.NET you can use this implementation
Related
I have a security requirement that all the data flows through API should be encrypted. I don't see any OOTB implementation. So I have thought about having a filter to decrypt and a custom sanitizer to encrypt sounded like a plan but are there any other ways to implement this?
HTTPS protocol already has encryption. If you want to make it more, secure maybe you can add a client certificate option.
I've been looking all over the internet on how to encrypt/decrypt a password or a String using AES in Spring Framework. Any links or tutorials? Explaining AES is good too but please use a non-nerd words.
If you're wondering why should I do this is because we need to encrypt the password and save it in the session and get it from the session to decrypt then use it.
Thanks in advance.
Spring security actually does not build encryption tools themselves - they deal more with authentication, login, sessions, and encoding (so, hashing passwords and that sort of thing). Take a look at http://www.jasypt.org/, which is commonly used with spring security if encryption/decryption is needed at the spring security level (http://www.jasypt.org/springsecurity.html).
I am trying to find out the internals of login control in asp.net.
Does it uses some Public key encryption algorithm to exchange a key and then uses it for further communication as a symmetric key.
Also do we have our say in choosing the encryption algorithms like for ex i want to specifically use Diffie Hellman with login control. Is it possible and how can i achieve this?
Disclaimer: I'm no cryptographer...
The Login controls use ASP.Net Membership along with Forms Authentication by default.
You can create your own auth mechanism
The default hash algorithm used in ASP.net Membership is SHA1. Yes, you have a choice. I've had to use MD5 in a migration project (if memory serves from phpBB to ASP.net) more than a few years back...
(see disclaimer) Elliptic Curve Diffie-Hellman (ECDiffieHellman) info
In config
ECDiffieHellman
hth...
Do I have to have a secret key added to my login form for encrypted authentication since I have a 2048-bit Certificate? How secure is that with/without it?
Only if you perform the encryption yourself. If you use SSL or a container such as CMS (Cryptographic Message Syntax), then the secret key is generated by the framework. You do need some session secret key to encrypt data such as forms.
How can I Encrypt on iPhone Decrypt the same data in an ASP.NET application?
Should I not worry about it and just send all data by SSL?
Thanks
Depends on what the data is. If it's highly sensitive, you're probably better off using SSL. But for general information, Encryption and Decryption shouldn't matter as long as use the same encryption/decryption method (and keys) on both ends.