Achieving AES-256 Channel Encryption with the .NET Compact Framework
I am working on a line of business application where the clients are Windows Mobile 6.1 Professional devices. The server is an enterprise Java application.
The industry working group recommends AES-256 encryption for client-server communication. This is required to obtain certification. The encryption does not have to be channel encryption, it can be payload encryption. Encryption of the channel is preferred.
The client and server communicate using SOAP / HTTP, which we have not yet implemented. We are planning to use WCF on a compact basis. To ease some of the work required to implement manual encryption / decryption, it would be nice if we could achieve the required encryption either at the TLS layer, or use the WS- * standards in some way (I'm not particularly familiar with this technology group, but I'm studying now). The server supports https with 256-bit AES.
Does anyone have any ideas on the best way to implement this?
Thanks in advance.
source to share
Channel encryption is likely to be the simplest and most flexible to implement. Using this reduces the dependency between client and server code. The client just has to make HTTPS calls to the server. For security, you take on a lot of application layer workload with WS-Security.
If you need to transfer data through intermediaries that are not fully trusted, then payload encryption will be more demanding.
source to share