RE: Decryption using private key from cert store failing with err
From: Rhett Gong [MSFT] (v-raygon_at_online.microsoft.com)
Date: 02/28/05
- Next message: Rhett Gong [MSFT]: "Re: SE_REGISTRY_WOW64_64KEY?"
- Previous message: lelteto: "RE: Windows 2003 - User Logins vs Software"
- In reply to: scott: "RE: Decryption using private key from cert store failing with err"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Feb 2005 01:46:32 GMT
>The reason we need to do a decrypt(private)/encrypt(public) is that that
is
>part of the SSL standard. It decrypts with the private key and then the
>other side encrypts with the public key
>From your description, I think you are using RSA for server authentication
and key exchange. If it is, then a process is as follows (from RFC2246):
<quote>
"a 48-byte pre_master_secret is generated by the client, encrypted under
the server's public key, and sent to the server. The server uses its
private key to decrypt the pre_master_secret. Both parties then convert the
pre_master_secret into the master_secret, as specified above.
RSA digital signatures are performed using PKCS #1 [PKCS1] block type 1.
RSA public key encryption is performed using PKCS #1 block type 2"
</quote>
Thanks,
Rhett Gong [MSFT]
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties and confers no rights.
- Next message: Rhett Gong [MSFT]: "Re: SE_REGISTRY_WOW64_64KEY?"
- Previous message: lelteto: "RE: Windows 2003 - User Logins vs Software"
- In reply to: scott: "RE: Decryption using private key from cert store failing with err"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
