Posted by Rome on January 29, 2006, 10:16 am
Are all Public and Private Keys stored on certificates?
Posted by Roger Abell [MVP] on January 29, 2006, 10:27 am
> Are all Public and Private Keys stored on certificates?
No.
But I am not so sure that is what you really wanted to ask.
Two key algorithm was around before certificates evolved
as a way to use it. One use of certs is to store these keys.
These keys are not stored only in certs. Since the algorithm
is something different from how key pairs can be transported
(such as in a cert) there are many uses for the algorithm that
only need keys, without regard to how the keys are transported.
What is it you really wanted to know?
Posted by Mitch Gallant on January 29, 2006, 11:01 am
Standard X.509 certificates store only the Public key, and issuer's signature plus other information about the "owner" of the public key. Essentially, all the information within a cryptographic certificate is intended to be public. Here is a visual dissection of a typical X.509 v3 certificate:
http://www.jensign.com/JavaScience/GetTBSCert

The private key (say an RSA key) matching a corresponding public key must be protected and kept private. Therefore such private keys are typically maintained in "keystores" or "keycontainer files" which are always (or should be) protected by some encryption process which can be rather complex (e.g. the keycontainer protection mechanism in W2k and higher uses login credentials to extract an encryption key using DPAPI).
Smartcards may use their own mechanism for protecting the private key data.

PKCS#12 defines one standard for (relatively speaking) securely transporting private keys and their matching public keys and certificates and other data in a platform independent way (sort of!).
- Mitch Gallant
MVP Security
www.jensign.com
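
An added example, not part of the original posts: it shows that an X.509 certificate carries only the public key and the issuer's signature, while a password-protected PKCS#12 bundle is what transports the matching private key. It assumes the third-party Python `cryptography` package; the subject name, friendly name and passphrases are constructed sample values.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID

def make_key_and_cert(cn="example.test"):  # constructed sample identity
    """Throwaway RSA key pair plus a self-signed certificate over its public half."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=1))
            .not_valid_after(now + datetime.timedelta(days=30))
            .sign(key, hashes.SHA256()))
    return key, cert

def certificate_contents(cert_pem):
    """What a relying party can read from the certificate alone."""
    cert = x509.load_pem_x509_certificate(cert_pem)
    pub = cert.public_key()
    return {
        "subject": cert.subject.rfc4514_string(),
        "public_key_bits": pub.key_size,
        "issuer_signature_bytes": len(cert.signature),
        # The key object parsed from a certificate has no private component.
        "exposes_private_key": hasattr(pub, "private_numbers"),
    }

def export_pkcs12(key, cert, password):
    """Bundle private key and certificate, encrypted under a password."""
    return pkcs12.serialize_key_and_certificates(
        b"example", key, cert, None,
        serialization.BestAvailableEncryption(password))

def import_pkcs12(blob, password):
    """Return (private key, certificate); raises ValueError on a wrong password."""
    key, cert, _extra = pkcs12.load_key_and_certificates(blob, password)
    return key, cert

if __name__ == "__main__":
    key, cert = make_key_and_cert()
    print(certificate_contents(cert.public_bytes(serialization.Encoding.PEM)))
    blob = export_pkcs12(key, cert, b"constructed-passphrase")
    k2, c2 = import_pkcs12(blob, b"constructed-passphrase")
    print(k2.public_key().public_numbers() == c2.public_key().public_numbers())
```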