Re: Trusted Certificates

From: Michel Gallant (neutron_at_istar.ca)
Date: 04/27/04


Date: Tue, 27 Apr 2004 08:42:28 -0400

You can use CertFindCertificateInStore() with
     dwFindType=CERT_PUBLIC_KEY_INFO
for this.
Note that the "PublicKey" blob in the CERT_PUBLIC_KEY_INFO struct is an encoded
public key (RSAPublicKey format).
If you need to understand more about the various possible "public key" formats, see:
   http://www.jensign.com/JavaScience/dotnet/JKeyNet

Of course you can store entire certificates (e.g. SignedData messages often do this).
However, if you are manually verifying (instead of letting the local security manager verify trust)
you MUST manually check if the issuer is in your trusted cert stores (no matter whether
you use CryptoAPI, Java security, etc.).

- Mitch Gallant
   MVP Security

"Sandi" <anonymous@discussions.microsoft.com> wrote in message
news:4a7e01c42c13$fe84bfd0$a301280a@phx.gbl...
> Hi..
> Thank you.
> That's true if I have the certificate. But I have only the
> public key of the certificate, which I store in the
> document.
>
> Can we store the whole certificate without the private
> key in a document and later retrieve that for later
> verification purpose?
>
> Regards
> Sandi
>
>
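
The lookup by public key and the manual trust check described in the reply above, as an added example that is not part of the original thread. It uses the .NET X509 classes from PowerShell instead of CryptoAPI's CertFindCertificateInStore(); the function names, parameter names and the CurrentUser stores searched are assumptions.

```powershell
# Added example, not code from the thread. Find-CertByPublicKey and
# Test-CertTrusted are hypothetical names; the store list is an assumption.
function Find-CertByPublicKey {
    param(
        [Parameter(Mandatory)] [byte[]] $PublicKey,   # encoded key as saved in the document
        [string[]] $StorePaths = @('Cert:\CurrentUser\My', 'Cert:\CurrentUser\TrustedPeople')
    )
    $wanted = [System.BitConverter]::ToString($PublicKey)
    foreach ($path in $StorePaths) {
        foreach ($cert in Get-ChildItem -Path $path -ErrorAction SilentlyContinue) {
            # GetPublicKey() returns the encoded key bytes (RSAPublicKey for RSA certs)
            if ([System.BitConverter]::ToString($cert.GetPublicKey()) -eq $wanted) {
                return $cert
            }
        }
    }
    return $null   # no certificate with this key: nothing to build trust on
}

function Test-CertTrusted {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    # Build() succeeds only if the chain ends in a root from the trusted stores
    $trusted = $chain.Build($Certificate)
    $root = $null
    if ($chain.ChainElements.Count -gt 0) {
        $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
    }
    [pscustomobject]@{
        Subject  = $Certificate.Subject
        Trusted  = $trusted
        Root     = $root
        Problems = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }
    $chain.Reset()
}

# Demo input (stand-in): use the key of the first personal certificate as if
# it were the public key that had been stored in the document.
$sample = Get-ChildItem Cert:\CurrentUser\My | Select-Object -First 1
if ($sample) {
    $found = Find-CertByPublicKey -PublicKey $sample.GetPublicKey()
    if ($found) { Test-CertTrusted -Certificate $found }
}
```

A key that matches no stored certificate returns `$null` from the lookup, which leaves nothing to anchor a trust decision on; that case should be treated as a verification failure.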


