I'm developing 2 applications that need to exist on two separate servers. One will encrypt data and store the encrypted data in a SQL Server instance (SQL 2012 Standard, so no TDE support). Another application will pull the encrypted data down and decrypt it to present in some report.
Should I be looking at secret key AESManaged for this using shared private/public key access?
AES is a symmetric key cipher and thus does not use private/public key pairs. With AES, all actors must have access to the same key to encrypt and decrypt data. If you are comfortable with both systems having access to the same key, then you do not need to introduce asymmetric (public/private) encryption to this solution.
If you do not want both systems to have persistent access to a static shared key (which you probably do not), you can use a hybrid cryptosystem -- generate a random AES "session" key for each message/record which is to be encrypted on the source system, encrypt the data with the symmetric key (use an AEAD mode or add an authentication tag over the cipher text via HMAC), then encrypt the session key via the recipient's public key. You can now transmit the encrypted session key and encrypted data together; the recipient will decrypt the session key using its private key, and then decrypt the data. Compromise of any single message will not compromise any other record (well, as long as it's not the recipient private key that is compromised).
In .NET that means AesManaged or AesCryptoServiceProvider (see here for more information) and RsaCryptoServiceProvider or RsaCNG (see here).
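The hybrid scheme described in the answer above, as an added example that is not part of the original answer: a fresh AES-256-GCM key per record, wrapped with the report server's RSA public key using OAEP. It assumes .NET 8 or later (for the `AesGcm` constructor that takes a tag size); `SealedRecord` and `HybridCrypto` are hypothetical names, and the key pair and sample record are constructed for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed demo: in practice the writer server holds only the exported public key.
using RSA reportKey = RSA.Create(3072);
using RSA writerKey = RSA.Create();
writerKey.ImportRSAPublicKey(reportKey.ExportRSAPublicKey(), out _);
SealedRecord row = HybridCrypto.Seal(writerKey, Encoding.UTF8.GetBytes("constructed sample record"));
Console.WriteLine(Encoding.UTF8.GetString(HybridCrypto.Open(reportKey, row)));
row.Ciphertext[0] ^= 1; // simulate modification of the stored ciphertext
try { HybridCrypto.Open(reportKey, row); }
catch (CryptographicException) { Console.WriteLine("tampered record rejected"); }

// Hypothetical layout: the four values stored per database row.
record SealedRecord(byte[] WrappedKey, byte[] Nonce, byte[] Ciphertext, byte[] Tag);

static class HybridCrypto
{
    const int TagSize = 16; // fixed 128-bit tag; never take the size from stored data
    // Writer side: needs only the recipient's public key.
    public static SealedRecord Seal(RSA recipientPublic, byte[] plaintext)
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);   // per-record AES-256 session key
        byte[] nonce = RandomNumberGenerator.GetBytes(12); // 96-bit GCM nonce
        byte[] ciphertext = new byte[plaintext.Length];
        byte[] tag = new byte[TagSize];
        try
        {
            using var aes = new AesGcm(key, TagSize);
            aes.Encrypt(nonce, plaintext, ciphertext, tag);
            byte[] wrapped = recipientPublic.Encrypt(key, RSAEncryptionPadding.OaepSHA256);
            return new SealedRecord(wrapped, nonce, ciphertext, tag);
        }
        finally { CryptographicOperations.ZeroMemory(key); } // drop the session key
    }
    // Reader side: holds the private key; throws if ciphertext, nonce or tag changed.
    public static byte[] Open(RSA recipientPrivate, SealedRecord r)
    {
        byte[] key = recipientPrivate.Decrypt(r.WrappedKey, RSAEncryptionPadding.OaepSHA256);
        try
        {
            byte[] plaintext = new byte[r.Ciphertext.Length];
            using var aes = new AesGcm(key, TagSize);
            aes.Decrypt(r.Nonce, r.Ciphertext, r.Tag, plaintext);
            return plaintext;
        }
        finally { CryptographicOperations.ZeroMemory(key); }
    }
}
```

On .NET Framework, where `AesGcm` is not available, the same structure applies with AES-CBC plus an HMAC over the ciphertext, as the answer notes.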