Reputation: 10147
I have an application (App1), and it needs to write out an encrypted string. Another application (App2) needs to be able to decrypt and read that string, and by decrypting, verify that it was encrypted by App1. App2 should not be able to write out a new encrypted string.
I know that this deals with public/private key pairs, but I do not know what the current best-practice technology is in this area, and I do not know which .NET classes implement it. I can use a certificate as necessary.
Any input is appreciated.
Thanks.
Upvotes: 2
Views: 279
Reputation: 25742
App1 & App2 generate their own private/public key pairs and exchange public key pairs. Then the workflow goes like:
App1 -> Data + App2-PublicKey = Encrypted Data
App2 -> Encrypted Data + App2-PrivateKey = Data
So App1 or App2 only encrypt the data with the other one's public key, so only that application can decrypt it using its private key. This way the data exchange is secure. If the encryption is like:
App1 -> Data + App1-PrivateKey + App2-PublicKey = Encrypted Data
App2 -> Encrypted Data + App1-PublicKey + App2-PrivateKey = Data
now the data exchange is both secure and authentic (i.e. two applications will be assured that it is the other application communicating to it). Ref: http://en.wikipedia.org/wiki/Transport_Layer_Security
Reminder: the public key is for encryption and the private key is for verification. Also, the signing step is always last, as it is done on the final processed data.
Upvotes: 3
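The workflow in the answer above, carried into working .NET code as an added example (this is not code from the question or the answer). It assumes .NET 8 or later for `AesGcm` and `RandomNumberGenerator.GetBytes`, and the `SignedEnvelope` class, the hybrid layout (AES-GCM for the payload, RSA-OAEP to wrap the AES key, RSA-PSS signature applied last over the encrypted body) and the 2048-bit key size are this example's own choices. App1 holds its own private key and App2's public key; App2 holds its own private key and App1's public key. Because only App1's private key can produce the signature, App2 can read the string but cannot produce a new one that App2 itself would accept.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example: encrypt-then-sign between two RSA key pairs.
// Field sizes are fixed by the key sizes, so the envelope needs no length prefixes:
//   [signature (sender KeySize/8)] [wrapped AES key (recipient KeySize/8)] [nonce 12] [tag 16] [ciphertext]
public static class SignedEnvelope
{
    const int NonceLen = 12, TagLen = 16;

    // App1 side: encrypt for App2, then sign the encrypted body with App1's private key.
    public static byte[] Seal(byte[] plaintext, RSA senderPrivate, RSA recipientPublic)
    {
        byte[] aesKey = RandomNumberGenerator.GetBytes(32);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen);
        byte[] ciphertext = new byte[plaintext.Length];
        byte[] tag = new byte[TagLen];
        using (var aes = new AesGcm(aesKey, TagLen))
            aes.Encrypt(nonce, plaintext, ciphertext, tag);

        // Only App2's private key can unwrap the AES key.
        byte[] wrappedKey = recipientPublic.Encrypt(aesKey, RSAEncryptionPadding.OaepSHA256);

        // Signing is the last step and covers everything App2 will receive.
        byte[] body = Concat(wrappedKey, nonce, tag, ciphertext);
        byte[] signature = senderPrivate.SignData(body, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        return Concat(signature, body);
    }

    // App2 side: verify App1's signature first, then decrypt with App2's private key.
    public static byte[] Open(byte[] envelope, RSA recipientPrivate, RSA senderPublic)
    {
        int sigLen = senderPublic.KeySize / 8;
        int wrapLen = recipientPrivate.KeySize / 8;
        if (envelope.Length < sigLen + wrapLen + NonceLen + TagLen)
            throw new CryptographicException("envelope too short");

        ReadOnlySpan<byte> signature = envelope.AsSpan(0, sigLen);
        ReadOnlySpan<byte> body = envelope.AsSpan(sigLen);
        if (!senderPublic.VerifyData(body, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss))
            throw new CryptographicException("signature invalid: envelope was not produced by App1");

        byte[] aesKey = recipientPrivate.Decrypt(body.Slice(0, wrapLen).ToArray(), RSAEncryptionPadding.OaepSHA256);
        ReadOnlySpan<byte> nonce = body.Slice(wrapLen, NonceLen);
        ReadOnlySpan<byte> tag = body.Slice(wrapLen + NonceLen, TagLen);
        ReadOnlySpan<byte> ciphertext = body.Slice(wrapLen + NonceLen + TagLen);
        byte[] plaintext = new byte[ciphertext.Length];
        using (var aes = new AesGcm(aesKey, TagLen))
            aes.Decrypt(nonce, ciphertext, tag, plaintext); // throws if tag does not match
        return plaintext;
    }

    static byte[] Concat(params byte[][] parts)
    {
        var result = new byte[parts.Sum(p => p.Length)];
        int offset = 0;
        foreach (var p in parts)
        {
            Buffer.BlockCopy(p, 0, result, offset, p.Length);
            offset += p.Length;
        }
        return result;
    }

    public static void Main()
    {
        // Each application generates its own key pair; only the public halves are exchanged
        // (here via SubjectPublicKeyInfo export/import, in practice via certificates).
        using RSA app1Private = RSA.Create(2048);
        using RSA app2Private = RSA.Create(2048);
        using RSA app1Public = RSA.Create();
        using RSA app2Public = RSA.Create();
        app1Public.ImportSubjectPublicKeyInfo(app1Private.ExportSubjectPublicKeyInfo(), out _);
        app2Public.ImportSubjectPublicKeyInfo(app2Private.ExportSubjectPublicKeyInfo(), out _);

        byte[] message = Encoding.UTF8.GetBytes("constructed sample string from App1");
        byte[] envelope = Seal(message, app1Private, app2Public);          // App1
        byte[] recovered = Open(envelope, app2Private, app1Public);        // App2
        Console.WriteLine(Encoding.UTF8.GetString(recovered));

        // App2 holds no App1 private key, so anything it writes or alters fails verification.
        byte[] tampered = (byte[])envelope.Clone();
        tampered[^1] ^= 0x01;
        try { Open(tampered, app2Private, app1Public); }
        catch (CryptographicException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

Verifying before decrypting means App2 never feeds unauthenticated ciphertext to its private key, and the RSA-OAEP wrap keeps the payload size unconstrained by the RSA modulus (direct RSA encryption of the message would be limited to a few hundred bytes for a 2048-bit key).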