Encrypting Files with AES, Encrypting Key with RSA - Am I on the right track?

Use PGP unless there's a good reason not to. PGP is an open and ubiquitous standard for hybrid crypto commonly used in email. There are many implementations of PGP.

The only . NET one I know is the BouncyCastle crypto project's C# library PGP actually provides a superset of the functionality you describe; for instance, PGP can also digitally sign messages.

Use PGP unless there's a good reason not to. PGP is an open and ubiquitous standard for hybrid crypto commonly used in email. There are many implementations of PGP.

The only . NET one I know is the BouncyCastle crypto project's C# library. PGP actually provides a superset of the functionality you describe; for instance, PGP can also digitally sign messages.

Regarding private key storage. The typical solution is to symmetrically encipher the private key before writing it to disk. Only the true owner of the private key knows the cipher secret, and they don't tell anyone.

That way, even if an attacker gets the private key file, they still have to compromise the secret or brute force the symmetric cipher. All the PGP implementations I know of do this. Please don't reimplement PGP if it does what you want.

PGP is pretty widely supported. Furthermore, mere mortals like myself (and presumably yourself) hardly stand a chance of getting everything right.

1 for recommending PGP instead of starting over. – Jerry Coffin May 13 '10 at 19:08 Thanks, I will see if I am able to use PGP for this. I typically run into a roadblock when I want to use a pre-existing tool here, they like to do everything in house.

:( – Shawn Steward May 13 '10 at 19:17 Cryptography should never be done inhouse, unless your house is chop full of world-class cryptographers and mathematicians – BlueRaja - Danny Pflughoeft May 24 '10 at 20:09.

As to your first part, this is absolutely the way to go about it. It's called a hybrid cryptosystem.

Thanks, knowing what it's called will definitely help in my research! – Shawn Steward May 13 '10 at 18:48.

This is essentially what SSL does. RSA is used for authentication and key exchange of a symmetric session key (eg, AES), which is then used for the body of the communication.

The traditional way to save a private key (used in GPG/PGP/PKCS#1/PKCS#8) is to password-protect it with a strong passphrase and stick it in a file. Most keystore-management tools have a way to export keys in PKCS#1/PKCS#8 format — you generate the key on one machine, export it with a password, and import it on another machine; the key is only outside a keystore for the purpose of transferring it between machines.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.