We successfully use your decryption component (Chilkat.Crypt2) to decrypt a SAML document sent to us from a client for the purposes of SSO. We’re using a shared key and initialization string that has been working just great.

We’ve been asked to create a second SSO form that will use a certificate for the decryption (.cer). Are there any examples online of using your component with a certificate to perform the decryption?

asked Mar 12 '13 at 09:22

chilkat ♦♦

To summarize since this has taken me a few days, this is working with our customer and has been for a long while. We simply traded the initialization string and the key with them. They now have a new vendor that used an off-the-shelf product that requires the use of a certificate (a .cer file) which they sent to me. I need to figure out how to use that certificate to decrypt the SAML packet they’re sending me. If it helps I can send you the certificate.

(Mar 12 '13 at 09:22) chilkat ♦♦

I've had difficulty in forming an answer because I don't know how to help.

I think the issue is that before you begin, you need to have some fundamental understanding of the basics of the subject matter. In other words, the difference between symmetric encryption and public-key encryption. Symmetric encryption is where a shared secret (i.e. the identical password or secret-key) is used to encrypt and decrypt, and both parties have knowledge of the key. With public-key encryption, the key is in two corresponding parts. The public key can be given out freely to anyone, and it may be used to encrypt data that can only be decrypted by the owner of the corresponding private key.

AES, Blowfish, 3DES, Twofish, RC2, etc. are symmetric encryption algorithms.

RSA is a public-key encryption algorithm.

A digital certificate is something different -- it is something that establishes authenticity -- that you are who you say you are -- and it also encapsulates a public-key that corresponds to the private key held by the certificate owner. The .cer is a digital certificate containing the public key. It does not contain the private key. A PFX file (also known as .p12 or PKCS12) is a container that can contain both certificate(s) and private keys.

I don't have an answer for you because before you even begin, you need to understand the subject matter and the architecture of what's involved. Once you do, you can have a meaningful conversation with your counter-party, and in addition, when you review the Chilkat documentation and examples, things will make more sense.


answered Mar 12 '13 at 09:23

chilkat ♦♦

Thank you for your explanation.

We have received both his PFX and CER files and assume that he’s performing RSA encryption. I’m able to access his certificate, access the private key stored within it, and subsequently encrypt/decrypt small strings. However, when I attempt to either encrypt or decrypt strings as large as the XML packet he’s sending me, the encryption fails because I’m exceeding the size limit.

It was my understanding that AES encryption was used because of its ability to encrypt/decrypt larger amounts of data (since it’s broken down into smaller groups of bytes), but to your point that’s where my understanding ends.

So I guess what I really need assistance with is using his certificates to decrypt a large string, which really means separating the data into chunks based on the key length.


answered Mar 12 '13 at 09:45

chilkat ♦♦

RSA encryption is about 1000 times slower than AES or other symmetric encryption algorithms. (I'm not exaggerating.) Symmetric encryption is often referred to as the bulk encryption algorithm -- meaning it's used to encrypt large amounts of data. The typical strategy is to use RSA (i.e. public-key encryption) to encrypt/decrypt a symmetric encryption key, and then use symmetric encryption to encrypt/decrypt the actual data.

See this example: http://www.example-code.com/csharp/rsa_encryptKey.asp

(Mar 12 '13 at 09:48) chilkat ♦♦
Asked: Mar 12 '13 at 09:22

Seen: 4,638 times

Last updated: Mar 12 '13 at 09:48