Re: Client Certificates Issue



Under the Certificate Management Console, there is one container named
"Active Directory User Objects" where the certificate is available. What is
the Store Name for that store, or how can I access it using C#.Net code? (If
possible, of course.)

"Joe Kaplan (MVP - ADSI)" wrote:

You can't use the user's private key for this as it is on their workstation,
not on your server. If you need to do that, you need to write some sort of
code that runs locally on their workstation.

Joe K.

"Infospy" <Infospy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BA5ABFA8-BB17-4B0F-9287-BD57441ABF2E@xxxxxxxxxxxxxxxx
I need to sign some information processed on a webpart, so I need the private
key; the public key will be stored in the server database so the other users
can verify the signature...

Any suggestions?

Thanks

"Joe Kaplan (MVP - ADSI)" wrote:

You can't. The client possesses the private key and never provides that to
the server. It wouldn't be private anymore if they did! When the SSL
client cert handshake takes place, the client simply signs some data with
their private key in order to prove to the server that they are the "owner"
of the private key for the certificate they provided to the server.

Also, you don't encrypt data with the private key. Private keys are for
signing and decrypting. Public keys are used for encrypting and verifying
signatures. It seems like people constantly get themselves in trouble by
getting this confused.

Joe K.

"Infospy" <Infospy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F18B52CF-191F-4321-90CB-926FFC694814@xxxxxxxxxxxxxxxx
Hi! I'm developing a C#.Net WebPart running under Sharepoint Portal Server
2003.

I've made a Form that captures n pieces of information that will be stored
under a SQL database.

The problem is that I need to generate a Digital Signature using the same
data.

I will generate a message digest and store it, and then encrypt it using the
private key and store it also in the same record.

The question I have is, how can I get the user certificate in order to do
this?

I can't seem to find any information about getting the user certificate so I
can sign the data.

Thanks in advance for your help.

Best Regards
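
The split of roles described in the thread (signing happens where the private key lives, the server keeps only the public certificate and verifies), as an added example that is not part of the original posts. It assumes .NET Core 2.0+ or .NET Framework 4.7.2+; the self-signed certificate, the subject name and the form data are constructed stand-ins, and the method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class ClientSideSigningDemo
{
    // Runs on the user's workstation: the only place the private key exists.
    static byte[] SignOnClient(X509Certificate2 userCert, byte[] formData)
    {
        using (RSA privateKey = userCert.GetRSAPrivateKey())
            return privateKey.SignData(formData, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    // Runs on the server: it holds only the public certificate bytes (e.g. from the database).
    static bool VerifyOnServer(byte[] storedCertDer, byte[] formData, byte[] signature)
    {
        using (var publicCert = new X509Certificate2(storedCertDer))
        using (RSA publicKey = publicCert.GetRSAPublicKey())
            return publicKey.VerifyData(formData, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        // Constructed stand-in for the user's certificate; in the thread's scenario it
        // would already be in the user's own certificate store on the workstation.
        using (RSA key = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=Example User", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 userCert = request.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1)))
            {
                byte[] formData = Encoding.UTF8.GetBytes("field1=abc;field2=42"); // constructed sample
                byte[] signature = SignOnClient(userCert, formData);

                // Only the DER-encoded public certificate is sent to and stored by the server.
                byte[] storedCertDer = userCert.RawData;
                using (var serverCopy = new X509Certificate2(storedCertDer))
                    Console.WriteLine("Server copy has private key: " + serverCopy.HasPrivateKey);

                Console.WriteLine("Original data verifies: " + VerifyOnServer(storedCertDer, formData, signature));
                byte[] tampered = Encoding.UTF8.GetBytes("field1=abc;field2=43");
                Console.WriteLine("Tampered data verifies: " + VerifyOnServer(storedCertDer, tampered, signature));
            }
        }
    }
}
```

`SignData` hashes the input and signs the digest in one call, so there is no separate "encrypt the digest" step to write by hand.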