private key - X.509 Self Signed Certificates -

-

i'm trying understand more x.509 digital certificates. there seems lots of contradiction around. using bouncy castle generate key pair, using

public static void savetofile(x509certificate newcert, asymmetriccipherkeypair kp, string filepath, string certalias, string password) {     var newstore = new pkcs12store();     var certentry = new x509certificateentry(newcert);     newstore.setcertificateentry(certalias, certentry);     newstore.setkeyentry(certalias,            new asymmetrickeyentry(kp.private), new[] { certentry });      using (var certfile = file.create(filepath))         newstore.save(certfile, password.tochararray(), new securerandom(new cryptoapirandomgenerator())); }

this saves generated certificate disk. articles tell there no need password protect certificate there no private key stored in there. this article says certificate indeed contain private key.

i guess have 2 questions me understand this:

  1. if generate keys in way, should password same passphrase private key?
  2. do distribute x.509 certificate prove public key mine (being paired name in certificate) or should certificate kept safe , secret private key , use self-signed certificate?

a pkcs#12 file can contain both certificate , private key. are, however, stored separate, distinct objects. certificate has public key embedded within it. since certificate contains public key, considered "public" well. can feel free distribute certificate, not contain private key, should kept confidential. basis of security in asymmetric cryptography.

because pkcs#12 file contains both items, encrypted password protect private key within it. said, use private key prove certificate distribute belongs you. example, through use of digital signature on document.

hope helps!


Comments

Post a Comment

Popular posts from this blog

html5 - What is breaking my page when printing? -

-
Image
i have questioner , don't know why when printing it's creating break before first question. live demo (link) i able resolve issue removing fieldset container had wrapped in.. having fieldset element causing of fields grouped together, , since not fit on first page, being pushed second page. removing fieldset element, able firefox print first 2 questions on page 1 identically chrome. it seems not new problem firefox , fieldset not playing nice found old bugzilla ticket 2008 has persisted , still being commented on in 2014 (link) if retaining fieldset important, found solution else came here (link) <script type='text/javascript'> $(window).bind('beforeprint', function(){ $('fieldset').each( function(item) { $(this).replacewith($('<div class="fieldset">' + this.innerhtml + '</div>')); } ) }); $(window).bind(
Read more

c# - must be a non-abstract type with a public parameterless constructor in redis -

-
when save object, got below error must non-abstract type public parameterless constructor in order use parameter 't' in generic type or method 'servicestack.redis.redisclient.store<t>(t) redisclass.getinstnace().store(msg); // error here redisclass.getinstnace().save(); as third party's class, can not edit how save object? could create wrapper around third party object call constructor, store wrapper? e.g. public class mywrapper { public thirdpartyobject thirdpartyinstance { get; set; } public mywrapper() { thirdpartyinstance = new thirdpartyobject("constructors"); } }
Read more

ajax - PHP/JSON Login script (Twitter style) not setting sessions -

-
i'm having trouble getting twitter style login work properly, reason gets stuck at session_register("useremail"); session_register("userpass"); and doesn't redirect after it. if enter wrong account data, works , appropriate error message pops up. this full code: <?php if(empty($_post['email']) || empty($_post['password'])) { die(msg(0,"all fields required")); } if(!(preg_match("/^[\.a-z0-9_\-\+]+[@][a-z0-9_\-]+([.][a-z0-9_\-]+)+[a-z]{1,4}$/", $_post['email']))) die(msg(0,"you haven't provided valid e-mail")); $host="localhost"; $username="root"; $password="x"; $db_name="x"; $tbl_name="x"; mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select db"); $useremail=$_post['email']; $userpass=
Read more