
Question on Encrypting a message using Asymmetric keys


Could someone please help answer a quick question on encrypting a message using asymmetric keys?  My question is this.  I did an exercise in a book that I'm reading where I created a certificate using makecert.exe.  From the Visual Studio command line, I created a cert on my local machine with both a private and public key.  Once I created the self-signed certificate, the author used the class RSACryptoServiceProvider to encrypt data.  The author searches the certificate store on the local machine and once it finds it, he uses the X509Certificate2 class.  The author creates and opens an X509Store.  He then uses the X509Store's certificate collection to find the correct certificate by name.  Once he finds the certificate that he is looking for, he creates an X509Certificate2 object, i.e.: return (cert != null) ? new X509Certificate2(cert) : null;.  Now that he has the cert, he uses var provider = (RSACryptoServiceProvider)cert.PublicKey.Key.  The provider is then used to encrypt the data.  byte[] cipherText = provider.Encrypt(Encoding.UTF8.GetBytes(data_to_encrypt), true);

Questions

How would you get the public key to the user?  With self-signed certificates, do you just send the public key in (for example) a Web API response?

From what I understand (in the real world) you buy a certificate from a CA.  Would you then load that certificate on your machine and then via code search your certificates on your local machine by name and then, once you have the cert, send the public key to the user via a web response?  Would you do this in an API, or are certificates that are managed by a CA only for IIS to use?

Is this correct?  When you buy a certificate from a CA like GoDaddy.com, would you then load it in IIS and then via IIS you would designate which web sites or APIs etc. would use that certificate.  Then when a request comes in to that server for a web site that uses that certificate, IIS would just handle sending the public key with the response to the user.  Then the user's browser would contact the CA to verify that the server is who it states it is in the certificate.  Then if all is good the browser would use that certificate to encrypt data that is sent back to the server.  Then IIS would use the certificate's private key to decrypt the data.

Could you use the method I described with the RSACryptoServiceProvider with a certificate that was purchased via a CA?  If yes, would you use some utility to load the certificate into the local store of certificates, or are purchased certificates only for IIS use?

Thanks

Dave.
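
The flow described in the post, written out as an added example (not the book's code and not the poster's): look the certificate up by subject name, encrypt with a public-key-only copy, decrypt with the private key. Assumptions: Windows with .NET Framework 4.7.2 or later (or .NET Core), a hypothetical subject name "ExampleCert", and an in-memory self-signed certificate standing in for makecert.exe when the store has no match.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
static class CertEncryptDemo
{
    // Hypothetical subject name; substitute the name given to makecert.exe.
    const string SubjectName = "ExampleCert";

    // Look the certificate up by subject name in LocalMachine\My, as the post describes.
    static X509Certificate2 FindInStore(string subjectName)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, because a self-signed cert does not chain to a trusted root.
            var matches = store.Certificates.Find(X509FindType.FindBySubjectName, subjectName, false);
            return matches.Count > 0 ? matches[0] : null;
        }
    }

    // Stand-in for makecert.exe when the store has no match: in-memory self-signed cert.
    static X509Certificate2 CreateSelfSigned(string subjectName)
    {
        using (var key = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=" + subjectName, key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        }
    }

    static void Main()
    {
        X509Certificate2 cert = FindInStore(SubjectName) ?? CreateSelfSigned(SubjectName);
        // The sender's view: the DER-encoded certificate, which carries no private key.
        var publicOnly = new X509Certificate2(cert.Export(X509ContentType.Cert));
        Console.WriteLine("Sender copy has private key: " + publicOnly.HasPrivateKey);

        byte[] cipherText;
        using (RSA publicKey = publicOnly.GetRSAPublicKey())
            cipherText = publicKey.Encrypt(Encoding.UTF8.GetBytes("constructed sample message"),
                RSAEncryptionPadding.OaepSHA1); // same padding as Encrypt(data, true)

        // Only the holder of the private key can reverse the operation.
        using (RSA privateKey = cert.GetRSAPrivateKey())
            Console.WriteLine(Encoding.UTF8.GetString(privateKey.Decrypt(cipherText, RSAEncryptionPadding.OaepSHA1)));
    }
}
```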

