Encrypt data with X.509 certificates
SecureBlackbox offers a simple way of encrypting data with X.509 certificates based on the PKCS#7 message standard. The standard allows the same content to be encrypted for an arbitrary number of recipients, each represented by a certificate. The content is encrypted with the recipients' public keys (taken from their certificates). Each recipient can decrypt the data using the private key corresponding to any of the public keys used for encryption.
PKCS#7 supports encryption of data of arbitrary length. This is achieved with the use of session keys. In the first stage, the data is encrypted symmetrically with a random session key. In the second stage, the session key is encrypted with the recipients' certificates and attached to the encrypted data.
Encryption is managed by the TElMessageEncryptor class:
TElMessageEncryptor encryptor = new TElMessageEncryptor();
// storage is assumed to hold the recipients' certificates (one per recipient)
encryptor.CertStorage = storage;
// symmetric algorithm used for the content; the session key is generated internally
encryptor.Algorithm = SBConstants.Unit.SB_ALGORITHM_CNT_AES256;
// 0 on success, otherwise a SecureBlackbox error code
int res = encryptor.Encrypt(plainDataStream, encryptedDataStream);
That's it.
If the call succeeds, the encryptedDataStream object will contain the encrypted message.
The message is fully compatible with the PKCS#7 standard and carries the content of the envelopedData subtype.
Check the res value returned by Encrypt() to ensure the encryption was successful.
The value of 0 indicates success, any other value reports a SecureBlackbox error code described here.
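The same envelopedData structure can be built with .NET's own EnvelopedCms class; the following is an added example, not SecureBlackbox code, showing the two-stage scheme described above (one AES-256 session key, wrapped once per recipient) and decryption by a single recipient. It assumes the System.Security.Cryptography.Pkcs package is referenced; the two recipient certificates are self-signed ones constructed in memory for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Constructed for this example: a self-signed recipient certificate created in memory.
// Real deployments load the recipients' certificates from a store or file instead.
static X509Certificate2 MakeRecipient(string commonName)
{
    using RSA key = RSA.Create(2048);
    var request = new CertificateRequest($"CN={commonName}", key,
        HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    using X509Certificate2 ephemeral = request.CreateSelfSigned(
        DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1));
    // Round-trip through PFX so the private key is usable by EnvelopedCms on every platform.
    return new X509Certificate2(ephemeral.Export(X509ContentType.Pfx), string.Empty,
                                X509KeyStorageFlags.Exportable);
}

X509Certificate2 alice = MakeRecipient("alice");
X509Certificate2 bob = MakeRecipient("bob");
byte[] plaintext = Encoding.UTF8.GetBytes("constructed sample content");

// Both stages happen inside Encrypt(): the content is encrypted with a fresh random
// AES-256 session key, then that key is wrapped once per recipient with the
// recipient's public key. 2.16.840.1.101.3.4.1.42 is the aes256-CBC OID.
var envelope = new EnvelopedCms(new ContentInfo(plaintext),
    new AlgorithmIdentifier(new Oid("2.16.840.1.101.3.4.1.42")));
envelope.Encrypt(new CmsRecipientCollection(
    SubjectIdentifierType.IssuerAndSerialNumber,
    new X509Certificate2Collection { alice, bob }));
byte[] der = envelope.Encode(); // DER-encoded PKCS#7 EnvelopedData

// Bob decrypts with only his own private key: the envelope carries one
// RecipientInfo per recipient, and any single one of them unlocks the content.
var received = new EnvelopedCms();
received.Decode(der);
Console.WriteLine($"Recipients in envelope: {received.RecipientInfos.Count}");
received.Decrypt(new X509Certificate2Collection(bob));
Console.WriteLine(Encoding.UTF8.GetString(received.ContentInfo.Content));
```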
Learn how to decrypt data encrypted in the above way here.