date: Wed, 30 Apr 2008 04:10:48 -0700 (PDT),
group: microsoft.public.platformsdk.security
Re: import only public key
You have a private key LINKED to your certificate. You actually need it,
because you want to use YOUR private key to (1) sign messages and (2) decrypt
messages sent to you.
The certificate store simply indicates which certs have private keys linked
(usually only your own cert(s)) so one can know which cert has and which
doesn't.
You don't have to do anything with it, because others cannot use your
private key (unless they can log in with your password). Even an
Administrator cannot get to and use your private key unless he gets to your
login password.
Why would you want to remove your private key from your certificate? If you
do that, your cert becomes useless, because you cannot sign your messages and
you cannot decrypt messages sent to you (and encrypted with your public key -
which is in the cert).
Laszlo Elteto
SafeNet, Inc.
"Janma" wrote:
> I tried your steps.. when I export the certificate it indeed does not
> have the private key.. but how come other certificates in the trusted
> root store do not show the "you have a private key" message..
> whereas my certificate shows it.. is there a way to remove that
> message?
>
>
> On Apr 30, 8:30 pm, lelteto wrote:
> > I don't think the CERTIFICATE itself contains the private key. You can test
> > this: EXPORT your certificate (but don't export the private key) then import
> > it into another computer. You will see that the cert itself doesn't have the
> > private key.
> >
> > You can also manually inspect the certificate content, you just have to know
> > the format (ASN1) and see part by part what's in the cert.
> >
> > As for your question: NO, you cannot create a certificate without having the
> > private key. That private key MUST SIGN the certificate request. Your private
> > key is in the Windows certificate STORE - but is not in the certificate
> > itself.
> >
> > Hope this clarifies.
> >
> > Laszlo Elteto
> > SafeNet, Inc.
> >
> > "Janma" wrote:
> > > Hi...
> >
> > > I am trying to create a certificate using a hardcoded key file. I am
> > > using sample code I found on the net. Now the certificate is
> > > created with both the public and private key. But I don't want the
> > > private key in my certificate. When I view it from IE, my certificate
> > > shows, "you have a private key that corresponds to this certificate.".
> > > Can I create a certificate by importing only the public key??
> >
> > > Let me know if you need any more info..
> > > Thanks in advance...
>
>
date: Tue, 6 May 2008 09:58:02 -0700
author: lelteto
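The distinction made in the replies above (the private key is linked to the certificate by the Windows certificate store, not contained in the certificate) can be checked directly. The following PowerShell script is an added example, not part of the original posts; the function name `Get-CertKeyLinkReport` and the chosen store paths are assumptions for illustration.

```powershell
# Added example: compare "private key linked in the store" with
# "private key present in the certificate's own bytes".
function Get-CertKeyLinkReport {
    param(
        # Assumption: the per-user personal store; pass another Cert:\ path to inspect it
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )

    $certType = [System.Security.Cryptography.X509Certificates.X509Certificate2]
    $derOnly  = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        if ($cert -isnot $certType) { continue }

        # DER encoding of the certificate alone: the same content a
        # "do not export the private key" export writes to a .cer file.
        $der = $cert.Export($derOnly)

        # Load those bytes as a stand-alone object with no store behind it.
        # The unary comma passes the byte[] as a single constructor argument.
        $detached = New-Object -TypeName $certType.FullName -ArgumentList (,$der)

        [pscustomobject]@{
            Subject          = $cert.Subject
            Thumbprint       = $cert.Thumbprint
            KeyLinkedInStore = $cert.HasPrivateKey       # store-side link
            KeyInCertBytes   = $detached.HasPrivateKey   # certificate bytes only
            SameCertificate  = ($cert.Thumbprint -eq $detached.Thumbprint)
        }
    }
}

# Personal store: your own certificates normally show KeyLinkedInStore = True.
Get-CertKeyLinkReport -StorePath 'Cert:\CurrentUser\My' | Format-Table -AutoSize

# Trusted root store: CA certificates are installed without their keys,
# so the "you have a private key" indication does not appear for them.
Get-CertKeyLinkReport -StorePath 'Cert:\CurrentUser\Root' | Format-Table -AutoSize
```

`KeyInCertBytes` is read from a copy built only from the exported certificate bytes, so it reflects what another machine would see after importing the `.cer` file.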
Re: import only public key
On May 6, 9:58 pm, lelteto wrote:
> You have a private key LINKED to your certificate. You actually need it,
> because you want to use YOUR private key to (1) sign messages and (2) decrypt
> messages sent to you.
> The certificate store simply indicates which certs have private keys linked
> (usually only your own cert(s)) so one can know which cert has and which
> doesn't.
> You don't have to do anything with it, because others cannot use your
> private key (unless they can log in with your password). Even an
> Administrator cannot get to and use your private key unless he gets to your
> login password.
>
> Why would you want to remove your private key from your certificate? If you
> do that, your cert becomes useless, because you cannot sign your messages and
> you cannot decrypt messages sent to you (and encrypted with your public key -
> which is in the cert).
>
> Laszlo Elteto
> SafeNet, Inc.
>
> "Janma" wrote:
> > I tried your steps.. when I export the certificate it indeed does not
> > have the private key.. but how come other certificates in the trusted
> > root store do not show the "you have a private key" message..
> > whereas my certificate shows it.. is there a way to remove that
> > message?
>
> > On Apr 30, 8:30 pm, lelteto wrote:
> > > I don't think the CERTIFICATE itself contains the private key. You can test
> > > this: EXPORT your certificate (but don't export the private key) then import
> > > it into another computer. You will see that the cert itself doesn't have the
> > > private key.
>
> > > You can also manually inspect the certificate content, you just have to know
> > > the format (ASN1) and see part by part what's in the cert.
>
> > > As for your question: NO, you cannot create a certificate without having the
> > > private key. That private key MUST SIGN the certificate request. Your private
> > > key is in the Windows certificate STORE - but is not in the certificate
> > > itself.
>
> > > Hope this clarifies.
>
> > > Laszlo Elteto
> > > SafeNet, Inc.
>
> > > "Janma" wrote:
> > > > Hi...
>
> > > > > I am trying to create a certificate using a hardcoded key file. I am
> > > > > using sample code I found on the net. Now the certificate is
> > > > > created with both the public and private key. But I don't want the
> > > > > private key in my certificate. When I view it from IE, my certificate
> > > > > shows, "you have a private key that corresponds to this certificate.".
> > > > > Can I create a certificate by importing only the public key??
>
> > > > Let me know if you need any more info..
> > > > Thanks in advance...
Okay.. thanks a lot for your advice.
date: Tue, 6 May 2008 22:38:59 -0700 (PDT)
author: Janma