Asymmetric encryption in kentico

Naresh Ede asked on September 21, 2017 06:37

Hi, Actually i have to pass some values in query string from one site another both are in kentico,

Now i want to secure the data by using Asymmetric encryption.

Is that possible in kentico ?

If possible please provide me the solution.

Note: I want to write ASCX code to encrypt and decrypt the data.

Recent Answers

Trevor Fayas answered on September 21, 2017 14:02

This may be difficult as the encryption helper Kentico provided most likely only works on the same instance of Kentico (unless the other site is housed on the same server). Encryption usually required a key to encrypt and decrypt.

If they are two sites on the same Kentico instance, the try the encryptionhelper class too encrypt and decrypt, although may be more secure to store value in a temporary table and just pass that records guid.

If they are separate instance, may need to use your own custom encryption so you can control the cypher keys

0 votesVote for this answer Mark as a Correct answer

Trevor Fayas answered on September 21, 2017 15:28

I'll add that i'm pretty sure on the above, but it's possible that you can use the EncryptionHelper encrypt and decrypt across different kentico instances, i'm not sure if it's like macro signatures that can be invalid on other environments unless they have the same key. You can try and see if it works.

1 votesVote for this answer Mark as a Correct answer

Naresh Ede answered on September 22, 2017 06:44

Thanks Trevor Fayas

Consider that the sites are same of different domain aliases, now i'm implementing auto login for its domain alias for that i'm passing the user details to domain alias autologin page to login, now the Encryption helper takes same key for its domain alias also or not.

0 votesVote for this answer Mark as a Correct answer

Trevor Fayas answered on September 22, 2017 15:15 (last edited on September 22, 2017 15:17)

I was referencing the below, but it looks like this is Symmetric encryption vs. assymetric

http://devnet.kentico.com/docs/10_0/api/html/M_CMS_Helpers_EncryptionHelper_EncryptData.htm

This may be fine as Kentico holds the "Key" for the symmetric encryption, so that doesn't get exposed, but it does mean that theoretically if someone gets the token and has a kentico installation they can decrypt it themselves.

You would have to implement your own Asymmetric encryption algorithm and class that you could create the public/private key. I don't see anything built into Kentico i'm afriad :(

Another option though, is if you are just looking to pass data between your two sites, if they use the same database you can store the information there and just pass a GUID to that record, OR if they are on different databases but you the databases can 'see' each other, you can create a sql database link and direct query the other database from the first.

Likewise, you can use the ConnectionHelper.GetConnection and pass the other database's connection information so you can query from the other database, and again just pass a GUID. This way only the row GUID is visible and means nothing to any spys.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.