Re: Client Certificates Issue

You can't use the user's private key for this as it is on their workstation,
not on your server. If you need to do that, you need to write some sort of
code that runs locally on their workstation.

Joe K.

"Infospy" <Infospy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BA5ABFA8-BB17-4B0F-9287-BD57441ABF2E@xxxxxxxxxxxxxxxx
I need to sign some information processed on a webpart, so i need the
private
key, the public key will be stored in the server database so the other
users
can verify the signature...

Any suggestions?

Thanks

"Joe Kaplan (MVP - ADSI)" wrote:

You can't. The client possesses the private key and never provides that
to
the server. It wouldn't be private anymore if they did! When the SSL
client cert handshake takes place, the client simple signs some data with
their private key in order to prove to the server that they are the
"owner"
of the private key for the certificate they provided to the server.

Also, you don't encrypt data with the private key. Private keys are for
signing and decrypting. Public keys are used for encrypting and
verifying
signatures. It seems like people constantly get themselves in trouble by
getting this confused.

Joe K.

"Infospy" <Infospy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F18B52CF-191F-4321-90CB-926FFC694814@xxxxxxxxxxxxxxxx
Hi! I'm developing a C#.Net WebPart running under Sharepoint Portal
Server
2003.

I've made a Form that captures n informations that will be stored under
a
SQL database.

The problem is that i need to generate a Digital Signature using the
same
data.

I Will generate a message Digest and store it, and then Encrypt it
using
private key and Store it also in the same record.

The question i have is, how can i get the user certificate in order to
do
this?

I can't seem to find any information about getting the user Certificate
so
i
can signature the data.

Thanks in Advace for you help.

Best Regards





.

Relevant Pages

  • [OT] Re: RSA implementation, please comment.
    ... on a separate server is actually a very good idea, ... This web front uses a well defined and secure ... Don't store the private key on the server. ... Every client gets a smartcard for the decryption (or a HSM, ...
    (comp.lang.perl.misc)
  • now SSL and ids ( was Re: ssh and ids )
    ... > How many simultaneous SSL sessions can be tracked? ... qualifies as a third party having access to the private key. ... communicate with the server in the clear. ... > best protection against covert channels is to stop the attacker before ...
    (Focus-IDS)
  • Re: TIPS FOR THE NEWCOMER
    ... As long as the private key is readable by the ssh client when it comes ... When the ssh client connects to the server, ... private key which matches the public key. ...
    (SSH)
  • Re: Private key generation
    ... As I wrote in my first answer to that thread - there are many situations when key pair is generated on trusted server. ... identity based encryption) simply requires generation of private key on server... ... High assurance keys (especially these that afterward are split in multiple shares using secret sharing schemes) may also require use of specialized equipment and computers that runs in a tempest/EM shielded locations. ... Default scenario supported by Microsoft Certificate Server is the most standard CA mode when CA just signs X509 certificate with emedded public keys. ...
    (microsoft.public.dotnet.security)
  • Re: Location of users private key in PKI solution
    ... If clients and server are Windows platforms, check out CAPICOM as it would ... > It sounds as though I should design the system so that the client ... > application performs the signing operation as that is the most likely ... >> The private key is typically located on the users machine. ...
    (microsoft.public.security)