Re: Use a private key file generated from Linux for digital signature in .NET
From: Michel Gallant (neutron_at_NOSPAMistar.ca)
Date: 01/14/04
- Next message: MR. UNDERHILL: "Please Help!!!"
- Previous message: fom: "how can I create...?"
- In reply to: Guangxi Wu: "Re: Use a private key file generated from Linux for digital signature in .NET"
- Next in thread: Guangxi Wu: "Re: Use a private key file generated from Linux for digital signature in .NET"
- Reply: Guangxi Wu: "Re: Use a private key file generated from Linux for digital signature in .NET"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 14 Jan 2004 13:14:59 -0500
Depending on your needs, you might want to use certificate support
from WSE (but only supported on W2k+ and really more for server
usage).
CAPICOM is a good choice, very small client install (including the
Interop assembly your clients will need also for .NET) and excellent
cert store and signature support.
- Mitch Gallant
"Guangxi Wu" <gwu@ch2m.com> wrote in message news:uRMmzJg2DHA.1720@TK2MSFTNGP10.phx.gbl...
> I forgot to mention that I am using .NET Framework 1.1 and signedXML for the
> digital signature and verification.
>
> "Guangxi Wu" <gwu@ch2m.com> wrote in message
> news:u$Fz34f2DHA.1720@TK2MSFTNGP10.phx.gbl...
> > Here is a summary on what I found after further research following the
> > pointers of Mitch:
> >
> > 1. Convert the Linux private key file in PEM format to the PVK format using
> > Steve's PVKTool.
> > 2. Import the certificate along with the converted private key in PVK format
> > using PVKImport tool from Microsoft. Although the PVKImport documentation
> > seems to suggest that it can only import SPC files, I did succeed in
> > importing certificates in CER format, bypassing a CERT2SPC step.
> > 3. Use CAPICOM to use the imported certificate along with the private key to
> > digitally sign the messages.
> >
> > However, after much experiment, I decided not to use the Linux generated
> > private key and SSL certificate altogether. The main reason is that the
> > steps are cumbersome and have potential problems in the conversion and
> > import process, and the IT operation people might not like the management
> > issues associated with it. I will get a new SSL certificate using the keys
> > generated on a Windows machine.
> >
> > Here is my last (hopefully) question regarding this issue:
> >
> > Is CAPICOM the best way to:
> > 1. Search for an installed certificate and retrieve its corresponding
> > private key for digital signing?
> > 2. Extract the public key from an X509 certificate for signature
> > verification?
> >
> > Thank you all for your time and help.
> >
> > --- Guangxi
> >
> > "Guangxi Wu" <gwu@ch2m.com> wrote in message
> > news:e7uFiDT2DHA.2360@TK2MSFTNGP10.phx.gbl...
> > > Hi Michel,
> > >
> > > Thank you very much for your pointers. I will take a look at the related
> > > discussions and report the result back to the groups.
> > >
> > > --- Guangxi
> > >
> > > "Michel Gallant" <neutron@NOSPAMistar.ca> wrote in message
> > > news:eMj$31x1DHA.2700@TK2MSFTNGP11.phx.gbl...
> > > > A PEM Private Key parser which would handle that was discussed a
> > > > few months ago in the CAPICOM discussion list:
> > > > http://discuss.microsoft.com/archives/capicom.html
> > > > You should be able to
> > > > parse out the RSA private key components and import into Microsoft
> > > > CSP keycontainer.
> > > >
> > > > You might find some useful related info at:
> > > > http://www.drh-consultancy.demon.co.uk/
> > > >
> > > > - Mitch Gallant
> > > > MVP Security
> > > >
> > > > "Guangxi Wu" <gwu@ch2m.com> wrote in message news:Ow3sShx1DHA.2412@TK2MSFTNGP10.phx.gbl...
> > > > > I am facing a rather unique problem. I need to use an SSL certificate and its
> > > > > corresponding private key file generated from a Linux box to digitally sign
> > > > > SOAP messages using .NET Framework on Windows platform. I believe the key
> > > > > file is BASE64 encoded. Here is the content of the key file (modified to
> > > > > protect the original key):
> > > > >
> > > > > -----BEGIN RSA PRIVATE KEY-----
> > > > > Proc-Type: 4,ENCRYPTED
> > > > > DEK-Info: DES-EDE3-CBC,AABC7B7E49CE9BF0
> > > > >
> > > > > -----END RSA PRIVATE KEY-----
> > > > >
> > > > > Here are my questions:
> > > > >
> > > > > 1. Can I use this private key to digitally sign SOAP messages in .NET?
> > > > > 2. If yes, how can I install this private key to the key store? I tried to
> > > > > use "sn.exe", but it gives me "Bad version of provider" error. I assume
> > > > > Microsoft has a different CSP provider from Linux.
> > > > > 3. If I cannot install this private key to the key store, can I use the
> > > > > private key file to create RSA key to sign the XML content? If yes, are
> > > > > there any code samples to show how to do this?
> > > > >
> > > > > Thank you very much for your time and help.
> > > > >
> > > > > --- Guangxi
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
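Added example, not part of the original thread or any poster's code: a Python sketch of the first stage of the "PEM private key parser" mentioned above. It reads the `Proc-Type` / `DEK-Info` envelope of a key file like the one in the original question and derives the 3DES key the way OpenSSL's legacy PEM encryption does. The sample input is constructed (its body is filler bytes, not a key), the function names are hypothetical, and the 3DES decryption and ASN.1 parsing steps are left out.

```python
import base64
import hashlib
import re

# Constructed sample: headers shaped like the post's key file; body is filler, not a key.
SAMPLE_PEM = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,AABC7B7E49CE9BF0\n"
    "\n"
    + base64.b64encode(bytes(range(32))).decode()
    + "\n-----END RSA PRIVATE KEY-----\n"
)

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END \1-----", re.S)


def parse_legacy_pem(text):
    """Split a traditional OpenSSL PEM block into label, headers and decoded body."""
    m = PEM_RE.search(text.replace("\r\n", "\n"))
    if not m:
        raise ValueError("no PEM block found")
    label, inner = m.group(1), m.group(2)
    head, sep, body = inner.partition("\n\n")  # headers end at the first blank line
    headers = {}
    if sep:
        for line in head.splitlines():
            name, _, value = line.partition(":")
            headers[name.strip()] = value.strip()
    else:
        body = inner  # unencrypted keys carry no header section
    info = {"label": label, "encrypted": False, "cipher": None, "iv": None,
            "data": base64.b64decode("".join(body.split()))}
    if headers.get("Proc-Type") == "4,ENCRYPTED":
        cipher, _, iv_hex = headers.get("DEK-Info", "").partition(",")
        if not cipher or not iv_hex:
            raise ValueError("encrypted PEM without a usable DEK-Info header")
        info.update(encrypted=True, cipher=cipher, iv=bytes.fromhex(iv_hex))
    return info


def evp_bytes_to_key(passphrase, iv, key_len=24):
    """Legacy PEM key derivation: chained single-pass MD5, salt = first 8 IV bytes.
    One MD5 round per block is weak by modern standards, so the passphrase is the
    only real protection for a file in this format."""
    salt, block, key = iv[:8], b"", b""
    while len(key) < key_len:
        block = hashlib.md5(block + passphrase + salt).digest()
        key += block
    return key[:key_len]
```
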