|
Sending an Encrypted Session Key
The easiest way to send encrypted messages to another user is to send the
message (encrypted with a random session key) along with the session key (encrypted
with the receiver's exchange public key). These are the steps for sending an
encrypted session key:
- Create a random session key using the CryptGenKey function.
- Encrypt the message using the session key. (This procedure is discussed in the
section Encrypting and Decrypting Data.)
- Export the session key into a key blob with the CryptExportKey function, specifying that the key be encrypted with the destination user's
key exchange public key.
- Send both the encrypted message and the encrypted key blob to the destination
user.
- The destination user should then import the key blob into his or her CSP using
the CryptImportKey function. This will automatically decrypt the session key, provided the
destination user's key exchange public key was specified in step 3.
- The destination user can then decrypt the message using the session key,
following the procedure discussed in the section Encrypting and Decrypting Data.
The following illustration shows how to send an encrypted message using this
procedure:
This approach is vulnerable to at least one common form of attack. An
eavesdropper can acquire copies of one of more encrypted messages and the encrypted
keys. Then, at some later time, the eavesdropper can send one of these messages to
the receiver and the receiver will have no way of knowing the message did not
come directly from the original sender. This risk can be reduced by
timestamping all messages or by using serial numbers. Using a three-phase key exchange
protocol will eliminate this problem entirely. See the Sample Three-Phase Exchange Protocol section.
| Last news from Greatis Software |
 |
|
Nostalgia .Net |
|
.Net is powerful, but not all-powerful, so sometimes we need to use Win32 API for our .Net applications. It's simple enough with Platform Invoke if you have Win32 skill, but we do not always have time to dig the ancient documentation, declare the special types that are compatible with Win32, find the values of the Win32's constants and so on. Nostalgia .Net offers several simple-to-use classes, and components that will allow you to forget about the headache of Win32 and just use the power of Win32 in your application the same way as you use the native. Net classes. More » |
| Recommended software for developers |
 |
|
Ultimate Pack |
|
Component pack for Delphi and C++ Builder that contains runtime form designer, runtime object inspector, print suite and much more for the very special price. More » |
 |
|
Form Designer .Net |
|
Unique runtime form design solution that allows to edit any form in .Net WinForms application at runtime with full source codes for only 300 euro! More » |
 |
|
Print Suite .Net |
|
Print Suite .Net is a set of components for easy printing texts, images and grids from your WinForms applications. Full C# source codes are available More » |
 |
|
Gradient Controls .Net |
|
Gradient Controls .Net offers controls with gradient background feature. Labels, panels and so on... Full C# source codes are available More » |
 |
|
Greatis iGrid |
|
iGrid plots drawing grid right over your desktop, so you can use it everywhere, with any drawing application without any special plugins for different graphic editors. More » |
All the contacts and projectsDmitry Vasiliev (just.dmitry)
Related LinksSoftware for Visual Studio .NET developers
Software for Delphi and C++ Builder developers
Software for Visual Basic 6 developers
Delphi Tips&Tricks
MegaDetailed.NET More Online Helps Win32 Programmer's Reference
Win32 Multimedia Programmer's Reference
OLE Programmer's Reference
Microsoft Windows Pen API Programmer's Reference
Microsoft Windows Sockets 2 Reference
Microsoft Windows Telephony API (TAPI) Programmer's Reference
Unix Manual Pages
|
