pki

What is Public key infrastucture

I need to know what is public key infastructure. I need to know is this related to sending requests and response as like WsHttpbinding in WCF. ...

Python accessing web service protected by PKI/SSL

I need to use Python to access data from a RESTful web service that requires certificate-based client authentication (PKI) over SSL/HTTPS. What is the recommended way of doing this? ...

C# Export cert in pfx format

Hi im trying to use .Net and c# to export a certificate from the cert store into a PFX file. I'm trying to use the X509certificate2.export method wiht the X509ContentType.Pfx flag set, but am unsure how to handle the returned byte array and output it correctly to file. Any help appreciated. Thanks Mark ...

Setting Certificate Friendly Name

Im trying to set the certificate friendly name during the certificate request/acceptance process. I understand that this a property of the microsoft store rather than the certificate and an wondering what .net/c# technique might be used to set it. ...

Creating OpenVPN Keys and Cert using ruby - how

Id like to be able to create client keys for an openvpn setup from within a ruby script. Im wondering how to go about this. Im assuming i coudl create my own CA and key generation code in ruby. Or i could somehow just call the easy-rsa scripts (non-ruby) from within my ruby script and somehow simulate the keyboard when easy-rsa prompts...

What's a good strategy for automatically incorporating self-signed certs into my truststore in Java?

We've built a JEE app in JBoss that exposes web services to external consumers. We want to secure these services so that we know who is making the web service invocations. We have a registration process that requires the consumers to upload their public key so that we can add it to our truststore. However it is currently a manual proc...

Unencrypted SSL protocol?

Is it possible to send a message over https that isn't encrypted? For example, require that certificate validation and authorization occur, but not encrypt the actual data being sent over the socket? ...

X509 Certificates, DigitalSignature vs NonRepudiation (C#)

We have been handed a set of test sertificates on smart cards for developing a solution that requires XML messages to be signed using PKI. Each (physical) smart card seems to have two certificates stored on it. I import them into the Windows certificate store using software supplied by the smart card provider, and then use code resemblin...

How does keytool protect keys?

When you are building a key store with the Java Keytool utility, how are the keys protected? I've read through the documentation, and I realize that each private key has a key password, and then the store has a store password. But what mechanism is used to protect the data? Is it an encryption cipher? If so, what is the algorithm? I...

"Bad key" exception for certificates with exportable private key

Hello, I am trying to encrypt and then decrypt files using asymmetric encryption. I've created a test certificate using makecert and installed it into my personal localmachine store. In future I'll have to install this certificate on several servers, that's why I've created it with "-pe" flag, that is, with exportable private key. The c...

Serial Number of a X.509 Certificate

Hello, I am programming a Certification Authority in java for a uni class, now I don't know what's the best option for the serial number of the Certificate. Simple static counter from 0 to veryBigNumber some huge BigInt random number Is there any good reason for choosing one over the other... or none of them?? thanks, ...

Can SQL Server EKM be used with MS Certificate Service?

Hi there, I am trying to implement EKM and feel current 3rd party products are a bit pricy. Can i simply use MS Certificate Service for EKM? Thanks, Ebe. ...

Adding a self-signed certificate to iphone Simulator?

I have a self-signed certificate at the endpoint of my API. I'm trying to test some things using the simulator but am getting "untrusted server certificate". I have tried to use safari on the simulator to download the .crt file, but that doesn't seem to work. Where does iPhone Simulator get its keychain from? How can I add a trusted ...

Symmetric Key to Asymmetric key handoff

I'm not a cryptography expert, I actually only have a little bit of experience using it at all. Anyways, the time has come where one of my applications demands that I have some encryption set up. Please note, the program won't be managing anything super critical that will be able to cause a lot of damage. Anyways, I was just trying to...

Mutual-authentication with web services

Currently, I've been successful implementing Mutual Authentication security so long as the client accesses the website using a web browser, because browsers take care of all the certificate exchange for you. Now I need to create a secure interface with which users can access web services over HTTPS, using the mutual authentication requir...

iPhone Simulator custom CA certificate.

I'd like to test an application on the iphone simulator which connects to a service using a certificate which is signed by our own CA. I can do this on the actual device by adding a provisioning profile which has the CA certificate. I had thought that having the CA certificate in the standard OSX keychain would work, but it doesn't. So ...

How can I decrypt encrypted files using a PEM private key?

I have files which have either been encrypted with a public key and the Blowfish algorithm, or a public key and the AES-256 algorithm. I'm looking to put together a Perl script that would be able to use the private keys (which I do have) to decrypt the files. The public and private key files are all in PEM format, and while I can fin...

Importing Thawte trial certificates into a Java keystore

Hello, I'm trying to configure a Tomcat server with SSL. I've generated a keypair thus: $ keytool -genkeypair -alias tomcat -keyalg RSA -keystore keys Next I generate a certificate signing request: $ keytool -certreq -keyalg RSA -alias tomcat -keystore keys -file tomcat.csr Then I copy-paste the contents of tomcat.csr into a form ...

How to update crl for tomcat

How to create and update the crl file for tomcat server.xml? ...

Is certificate Subject the content of certificate?

Is certificate Subject the content of certificate? such as: Subject DN = Subject Distinguished Name = the unique identifier for what this thing is. Includes information about the thing being certified, including common name, organization, organization unit, country codes, etc. Subject Key = part (or all) of the certificate's private/p...