Encrypting Requests

We need to have a Netduino send data to one of our REST services.
In our specific case, it can only do that over HTTP (please don’t go there).

Up until this point all our services were secured by OAuth2 under SSL. But we now need to expose a special service over HTTP only, with no oAuth2 protection. I feel like we are stepping back into the 90’s.

Is there any help in ServiceStack to make it easier for us to implement a secure call?
I saw this post by Demis a while back. Any new advances to help support that in SS, or is that all we have to play with still at this point? I am not asking if SS solves the solution for us, just what we can leverage out of the box.

Clearly, we need to sign and encrypt the data both ways (asymmetric public/private keys), and manage some kind of a handshake to identify not just the device but the user on the device, and prevent replay attacks with nonces etc. All that standard stuff.

No we don’t have any additional libraries built into ServiceStack to help with encrypting data, the approach in my answer is still the one I would take for sending application-level encrypted messages, although I would probably do something around managing public keys for each user, like generating a Public/Private Key Pair and letting the client download their private key once over SSL (AWS has a similar approach), then storing the Users public key in a custom User table so each message is decrypted with the stored public key and each users has their own private/public key.

Thanks for the confirmation