I have a big XML that needs to be encrypted on one server (by one c# application), and needs to be decrypted on another server (by another c# application). The XML contains the critical information for which this encryption needs to be done.
My real need is that my server that does the encryption should only know the public key and the private key is known only to the server which is doing the decryption. Also, this private key should be stored in a safe area on the server such as certificates.
What should be the steps that can help me achieve so?
How the key-pair and certificate are generated depends on the software used.
The private key can be obtained from a certificate.
The general method is to encrypt data with a symmetric encryption algorithm such as AES and encrypting the symmetric key with asymmetric encryption algorithm such as RSA or EC and the public key. This is done for two reasons: 1. Asymmetric encryption is very slow compared to symmetric encryption. 2. The data length for Asymmetric encryption is limited by the key size: a typical key size is 2048-bits and that limits the data length to 245-bytes.
There is in general no way to securely store a private key (or anything) on the server other than the server being secure short of the server having an HSM or access to a TPM. The main step on making the server secure is 2-factor authentication. But if it is on a shared computer beware of root escalation exploits by other users of the server.
HSM - Hardware Encryption Module
TPM - Trusted Platform Module