Encryption using X.509

[David Smith]

I have writen a class that uses certificates to encrypt
data on my web servers prior to storing it in a database
and would like to know if there are any flaws associated
with this design. I chose this because there are no keys
to manage in configuration files and certificates are
already in use for web service security using WSE 2.0. It
takes a string and encrypts it and passes back the
ecrypted string for storage in the database. Web servers
have the public key for encryption while the backend
servers (not public facing) have the public and private
keys which can be used for encrypting and decrypting the
data for various processes.

[Joe Kaplan \(MVP - ADSI\)]

Generally, RSA encryption is only used for encrypting small pieces of data
(11 bits less than the key length) such as a symmetric encryption key. So,
this might work for small strings, but probably isn't a good idea for large
data.

For large data, you typically encrypt with a symmetric algorithm and then
store the symmetric key encrypted via RSA so that you can decrypt the
symmetric key with the RSA private key then perform the rest of the
decryption.

Joe K.

"David Smith" <smith.wd@gmail.com> wrote in message
news:0db001c53a4a$a5b04230$a501280a@phx.gbl...

>I have writen a class that uses certificates to encrypt
> data on my web servers prior to storing it in a database
> and would like to know if there are any flaws associated
> with this design. I chose this because there are no keys
> to manage in configuration files and certificates are
> already in use for web service security using WSE 2.0. It
> takes a string and encrypts it and passes back the
> ecrypted string for storage in the database. Web servers
> have the public key for encryption while the backend
> servers (not public facing) have the public and private
> keys which can be used for encrypting and decrypting the
> data for various processes.