PKCS12 certificate usage

From: Buster (ccarefoote_at_gmail.com)
Date: 11/29/04


Date: 29 Nov 2004 10:52:56 -0800

How was the PKCS#12 certificate meant to be used? At first we used it
for a website cert for SSL encryption, then for e-mail S/MIME
encryption, now we are using this exported key for our handheld usage.
The thing is, the regular X.509 certificate is managed, all encrypted
files can be decrypted even if you lose the key, it can be recovered.
The PKCS12 certificate is unmanaged. Once you lose the key, it's
gone, granted your CRLs can be checked to inform you that the
certificate has been revoked, but if you encrypt anything with this,
you can never get it back. Also, when you import your key into the
Microsoft certificate store - you're importing a PKCS12 - the
unmanaged key. If we are using PKCS12 for most things now, why are we
keeping a managed CA? And managing these keys that no one is using?


