Silan Liu
If I want to customize encryption/decryption in a web service, independent of the underlying protocol such as HTTP, using SOAP extension or similar technologies, the process should be:
1. Server sends a server certificate to client;
2. Client validates the certificate;
3. Client generates a key and IV, encrypts them with the public key in the certificate, and sends them to server;
4. Client and Server talk to each other using the symmetric keys to encrypt and decrypt.
IS THIS PROCESS CORRECT?
If yes, I have two more questions:
1. How does the server send the certificate to client? As a byte array? Then client would have to save the byte array in a file and reload it, because X509Certificate class only has a CreateFromCertFile method, not a CreateFromByteArray method. It does not seem right.
2. How does the client validate the certificate? I did not find any class or function in .NET class library to do this.
Is there an article talking about this matter?
Thanks in advance!
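
The four steps in the post above, as an added C# example that is not part of the original post: the client parses the certificate straight from a byte array, validates the chain with `X509Chain`, and wraps a fresh AES key with RSA-OAEP. It assumes .NET 5 or later; the self-signed certificate, the name `demo-service.example` and the helper `WrapSessionKey` are constructed for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class HybridKeyExchangeDemo
{
    // Client side (hypothetical helper): validate the certificate, then wrap the AES key.
    static byte[] WrapSessionKey(byte[] certBytes, X509Certificate2 trustedRoot, byte[] aesKey)
    {
        using var cert = new X509Certificate2(certBytes);   // parsed from bytes, no temp file
        using var chain = new X509Chain();
        // Demo only: the constructed certificate publishes no CRL/OCSP endpoint.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        if (trustedRoot != null)
        {
            // Trust only the root the client was configured with, not the machine store.
            chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            chain.ChainPolicy.CustomTrustStore.Add(trustedRoot);
        }
        if (!chain.Build(cert))
            throw new CryptographicException("Certificate rejected: " + chain.ChainStatus[0].Status);
        // Chain validation does not check the name; also compare cert.Subject with the expected service.
        using RSA rsa = cert.GetRSAPublicKey();
        return rsa.Encrypt(aesKey, RSAEncryptionPadding.OaepSHA256);
    }

    static void Main()
    {
        // Constructed stand-in for the server's key pair and (self-signed) certificate.
        using RSA serverKey = RSA.Create(2048);
        var req = new CertificateRequest("CN=demo-service.example", serverKey,
                                         HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 serverCert = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
        byte[] certBytes = serverCert.Export(X509ContentType.Cert); // step 1: public part only

        using Aes aes = Aes.Create();                        // step 3: fresh random key
        using var anchor = new X509Certificate2(certBytes);  // root the client was given out of band
        byte[] wrapped = WrapSessionKey(certBytes, anchor, aes.Key);

        // Server side: unwrap with the private key, which never leaves the server.
        byte[] unwrapped = serverKey.Decrypt(wrapped, RSAEncryptionPadding.OaepSHA256);
        Console.WriteLine("Key round-trip OK: " +
                          CryptographicOperations.FixedTimeEquals(aes.Key, unwrapped));

        // Same bytes checked against the default trust store: the client must refuse.
        try { WrapSessionKey(certBytes, null, aes.Key); Console.WriteLine("Unexpectedly accepted"); }
        catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

Only the key needs wrapping; the IV is not secret and can travel in the clear with each message.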