Re: Private key generation



As well as my prev. answer could be misleading too :-),
the part about "reflecting what it actually means" was to OP, not to Mitch (who explained the meaning of this bullet in his answer).

-Valery.
http://www.harper.no/valery

"Valery Pryamikov" <valery@xxxxxxxxx> wrote in message news:%23e$SSBkPGHA.3728@xxxxxxxxxxxxxxxxxxxxxxx
Probably... I agree that it could be a bit misleading, but nevertheless this bullet is correct, esp. if we cite it completely and reflect what it actually means :-)

"Generating a private key and distributing it to the requester's protected certificate store (CryptoAPI and cryptographic service providers)."

-Valery.
http://www.harper.no/valery

"Mitch Gallant" <jensigner@xxxxxxxxxxxxxxxx> wrote in message news:uQGWr5jPGHA.2828@xxxxxxxxxxxxxxxxxxxxxxx
I think the OP was referring to this bullet:
.. " Generating a private key and distributing it to the requester's protected certificate store "
which is a bit misleading.
That is the client part of the service ... which does generate the private key (locally) and
installs it to the local "protected certificate store" ..
which probably means DPAPI-secured storage in a CAPI "key container" file.

- Mitch Gallant
MVP Security

"Valery Pryamikov" <valery@xxxxxxxxx> wrote in message news:uqZgmFjPGHA.2124@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
you have probably misread the article to which you are referring in your post. I've searched the article for occurrences of the word "private", and the only place where they mistakenly used it instead of "public" was when they described what information about allocated certificates is archived on the CA... but otherwise the article always states that private keys are generated by certificate requestors...
However, there are plenty of situations where generation of the private key on a trusted server makes perfect sense and is actually done that way. Such situations may vary from generation of high-assurance private keys, enrolling private keys on tamper-resistant devices, enterprise key escrow schemes, identity-based encryption and many others.

-Valery.
http://www.harper.no/valery


"Francesco" <Francesco@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:544AB09C-D174-4E82-B242-3B669B9BA97D@xxxxxxxxxxxxxxxx
Hi,
I've read that in a certificate request the private key is generated by the CA
and then sent to the requester.

(http://technet2.microsoft.com/WindowsServer/en/Library/d7cd44f4-b39a-4d35-bb56-a239f72b7e4c1033.mspx)

Is this correct?
I believe that the private and public keys are created by the client (maybe the CSP) and
then the public key is sent to the CA. In this way the private key never passes
through the net.

Any suggestion?

Thanks

Francesco
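The enrollment flow Francesco describes (key pair created on the client, only the public key sent to the CA inside the request) can be checked directly on the request file. The script below is an added example and is not from this thread or from the Microsoft article; it uses the OpenSSL command-line tool in place of a Windows CSP, and the working directory and subject name are constructed for the demo. It makes three checks: the PKCS#10 request contains no private-key block, the public key embedded in the request is the one derived from the locally held private key, and the request's self-signature verifies (proof of possession) without the CA ever seeing the private key.

```shell
#!/bin/sh
# Added example, not from the thread: shows that a PKCS#10 certificate request
# carries only the requester's PUBLIC key, and that the private key created
# locally never needs to leave the machine. Uses the OpenSSL CLI in place of a
# Windows CSP; WORKDIR and the subject name are constructed for the demo.
set -eu

WORKDIR="${TMPDIR:-/tmp}/csr-demo.$$"
mkdir -p "$WORKDIR"
trap 'rm -rf "$WORKDIR"' EXIT
KEY="$WORKDIR/requester.key"      # stays on the requester's machine
CSR="$WORKDIR/requester.csr"      # the only artifact sent to the CA

# Minimal req config so the demo does not depend on a system openssl.cnf.
cat > "$WORKDIR/req.cnf" <<'EOF'
[ req ]
distinguished_name = req_dn
prompt = no
[ req_dn ]
CN = requester.example
EOF

# Step 1: the requester generates the key pair locally (the CSP's job on Windows).
gen_private_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$KEY" 2>/dev/null
}

# Step 2: build the PKCS#10 request. OpenSSL embeds the public key and signs
# the request with the private key (proof of possession), then writes the CSR.
make_csr() {
    openssl req -new -key "$KEY" -config "$WORKDIR/req.cnf" -out "$CSR" 2>/dev/null
}

# Check A: number of private-key PEM blocks found in the CSR (expected: 0).
csr_private_key_blocks() {
    grep -c "PRIVATE KEY" "$CSR" || true
}

# Check B: the public key inside the CSR is the one derived from the local
# private key. Prints "match" or "mismatch".
csr_pubkey_matches_local_key() {
    local_pub=$(openssl pkey -in "$KEY" -pubout 2>/dev/null)
    csr_pub=$(openssl req -in "$CSR" -noout -pubkey 2>/dev/null)
    if [ "$local_pub" = "$csr_pub" ]; then echo match; else echo mismatch; fi
}

# Check C: the CSR's self-signature verifies, i.e. whoever built it held the
# private key, without the CA ever seeing that key. Exit status 0 on success.
csr_self_signature_ok() {
    openssl req -in "$CSR" -noout -verify 2>&1 | grep -q "verify OK"
}

gen_private_key
make_csr
echo "private-key blocks in CSR: $(csr_private_key_blocks)"
echo "public key in CSR matches local key: $(csr_pubkey_matches_local_key)"
if csr_self_signature_ok; then echo "CSR self-signature: OK"; fi
```

On Windows the same division of labour holds: the CSP generates the key pair into the key container and the enrollment client submits only the signed request; `openssl req -in requester.csr -noout -text` shows what the CA actually receives, and no private key appears in it.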