I have, in some capacity, always shared what I have learnt while doing projects with my fellow developers. Until now, though, that sharing was limited to, well, the people on that project, people on the next project or the odd person who read my company blog at http://consultingblogs.emc.com/michaelciba/.
In order to reach a bit wider audience, though, and share my half-baked ideas with the world, I have decided to poke my head above the parapet and start a new blog. After all, it seems all the rage these days! So what can you expect from me? Well, all sorts I guess; my interests are varied, but mostly I just want to share things which I think are cool and which I hope will help some fellow developers along the way.
Now all I need to do is start thinking of a second blog post idea...
Recently I needed to encrypt data on a server and allow a limited number of service accounts the ability to decrypt that data so it was as safe as possible. The approach I took to achieve this was by using an X509 certificate and its ability to allow you to encrypt information via its public key and decrypt that information through the private key.

The key parts of this approach are:

- Create a certificate
- Ensure the KeySpec of the certificate is set up correctly to allow for encryption e.g. "KeyExchange" or "None" if you are doing this via PowerShell
- Set the security on the private keys so only specific user accounts can access it and decrypt information encrypted via the public key.

Step 1 - Create a certificate to use

The easiest way to get a quick example going is via PowerShell to create a dummy root certificate and the one we will use for encrypting and decrypting.

$rootCert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -Dns
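
The three key parts listed above, end to end, as an added example that is not the original post's code. It assumes an elevated Windows PowerShell session, the default CNG key storage provider (hence KeySpec "None"), a constructed subject name and sample secret, and NT AUTHORITY\NETWORK SERVICE standing in for the service account that is allowed to decrypt.

```powershell
# Added example. Run in an elevated Windows PowerShell session (LocalMachine store).
# Subject name, sample secret and the NETWORK SERVICE stand-in account are assumptions.
$rsaExt = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
$pad    = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256

# 1. Certificate created with the default CNG provider, so KeySpec is None.
$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My `
    -Subject 'CN=DataEncryptionDemo' -KeySpec None `
    -KeyUsage KeyEncipherment, DataEncipherment -KeyExportPolicy NonExportable

# 2. Encrypt with the public key. RSA-OAEP only fits short payloads
#    (190 bytes for a 2048-bit key with SHA-256), e.g. a symmetric key.
$plain  = [System.Text.Encoding]::UTF8.GetBytes('constructed sample secret')
$cipher = $rsaExt::GetRSAPublicKey($cert).Encrypt($plain, $pad)

# 3. Locate the private key file and grant read access to a single account.
$priv = $rsaExt::GetRSAPrivateKey($cert)
if ($priv -isnot [System.Security.Cryptography.RSACng]) {
    throw 'Expected a CNG key; legacy CSP keys are stored under Crypto\RSA\MachineKeys.'
}
$keyPath = Join-Path $env:ProgramData ('Microsoft\Crypto\Keys\' + $priv.Key.UniqueName)
$acl  = Get-Acl -Path $keyPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule('NT AUTHORITY\NETWORK SERVICE', 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

# 4. Decrypt with the private key, then review who can read the key file.
$roundTrip = [System.Text.Encoding]::UTF8.GetString($priv.Decrypt($cipher, $pad))
"Round trip OK: $($roundTrip -eq 'constructed sample secret')"
(Get-Acl -Path $keyPath).Access | Select-Object IdentityReference, FileSystemRights
```

The final ACL listing is the check to keep: any identity that appears there with read access can use the private key to decrypt.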