What are the top key management system both paid and open source

Thanks..but our scenario is bit different..I am explaining in details below:-

Our application send sensitive information to clients(each client has its own sensitive information).Not all the information will be sensitive but only few fields will be sensitive so whenever client request data, we want to encrypt that information and send it across.To the client ends, they will have their key management system(different client can have different key management services.) so now what we want to achieve is that when client receive this information then our response( probably in javascprit) will ask them to provide key from the technique they are using and using this key they will decrypt the response.This seems to be bit complicated but it will be really heplful if anyone can suggest some solution for it.

You can use any Visual Studio edition you need and you can afford. See a comparison of features here: http://www.visualstudio.com/en-us/products/compare-visual-studio-products-vs.aspx[^], I suggest you try Community edition[^]. It is also free, and can be also used for commertial applications (check this[^] article), but much better than Express.

You wrote, that you want to host your application and data in the cloud. First of all, if you don't trust your provider, forget it. In general you don't encrypt data on server side. You can, but in case you need to dechyper data on server side, it has no use. So le't suppose you trust your provider, and data is stored unencrypted. You wrote you need to enctrypt the communication of the web application. The mechanism you described is existing, it is called https[^]. All the data is travelling encrypted from server to client. You can combine http and https as encryption costs. It's resource cost might or might not be charged by the provider, but if you want regular or extended (green bar) certificate it will cost you for sure. Still, this is the only way to assure your clients that your site is trustworthy. Self-signed certificates are for development purposes only. If you want, you can build your application in a way where GUI elements are served over http, and all data is travelling via https, but if you can afford, deliver all contetn over https.

But https won't assing fixed key to the clients. If you need that you can implement PKI on javascript side (http://pkijs.org/[^]), but I don't think it is the way to do this. If you want to restrict access to the site, and harden the application, you can use client side cerificate authentication. You issue certificates for the clients, which they install. You can configure IIS[^] to use authenticate the client based on this. Windows certificate store is secure, I can't figure out a situation where certificate authentication and https are not enough. Yes, it is automatic, thus client don't need to povide any key, but you still can add username-password authentication on top of it.