pki

Microsoft PKI or PKI Vendor?

I have a question related to PKI Infrastructure, should an organization go with Microsoft PKI or an independent separate PKI Infrastructure? Are there any licensing restrictions if I use Microsoft PKI Infrastructure? Or should I get an independent PKI infrastructure from a vendor that offers PKI TSA and SP (Signature Proof) Infrastruct...

How to add PrivateKeyUsage extension to a certificate using bouncycastle in java?

I have an X509Certificate that I want to add extensions to... I want to add the PrivateKeyUsage extension, but I don't know how to create a PrivateKeyUsage object or how to give it notBefore & notAfter values ... thanks ...

PKI multiple public keys

Hello all, I'm wondering if I can have multiple public keys for a private key. Can this be done? If so, what are the security issues!? If I generate multiple key pairs based on the same initial values (with no initial vector), shouldn't the keys be "compatible"? I'm just checking some things out and I would appreciate any help :) Ch...

From DEROctetString to KeyUsage

In bouncycastle I can create a DEROctetString starting from a KeyUsage. How can I obtain KeyUsage starting from a DEROctetString then? Example: DEROctetString derString = new DEROctetString(new KeyUsage(KeyUsage.digitalSignature)); KeyUsage ku = ...(some code to get back KeyUsage starting from derString)... I need this because I'm a...

Generating a CSR in Python

I'm trying to generate a CSR in Python without using OpenSSL. If someone could point in the right direction, I'd be very grateful. ...

Does the iPhone offer a good Cryptographic API/Service Provider?

How extensive are the Cryptographic options offered by Apple for the iPhone OS? Does it have public key infrastructure support? Can the Keystore (or I guess keychain) be leveraged by third party applications and are they able to pull/store private keys there? What about support for the LDAP for pulling user's public certificates? ...

BouncyCastle create AsymmetricCipherKeyPair from existing keys?

I have two AssymetricAlgorithm RSA keys that I have pulled out of a certificate that was in my keystore. One is the Public Key and the other the Private. Is there a way of getting this keypair into a BouncyCastle AsymmetricCipherKeyPair? BouncyCastle's AsymmetricCipherKeyPair expects a public and private AsymmetricKeyParameter however I ...

Apache/Rails: Forwarding PKI

I have a Linux/Apache/Rails stack hosting a data service. The data service is basically a front end for multiple data sources, akin to a federated search. Queries to the service are authenticated via PKI. When handling each request, the PKI must be forwarded to each data source appropriate for the given request - each data source us...

[Win32] Lightweight file verification with PKI

I am trying to extend the legacy code of an online game to provide a reasonable assurance that the resource files associated with the game are the latest version, and not tampered with. I'd like to do this without DRM, without going into kernel mode, and without hardware assistance. What I ultimately settle on should ideally be about as ...

Should X509 certificate have nonRepudiation bit set to check PKCS7 signature?

An X509 certificate has a set of keyUsage bits. Two of them are digitalSignature and nonRepudiation (recent editions of X.509 have renamed this bit to contentCommitment). I read the X509 RFC (http://tools.ietf.org/html/rfc5280) and it talks about the general usage of these bits. And I read the PKCS7 RFC (http://tools.ietf.org/html/rfc2315) and it talks abou...

How does InfoPath forms routing work (i.e. an Expense Approval form)? Is a PKI required?

I don't have an understanding of how the whole InfoPath product works. I know it can save data to SharePoint. But here are a few bits of information I'm confused about: If someone saves an InfoPath form to SPS, is the entire form saved, or just the data? How would an approval scenario work? My employer wants to use as little code ...

Programmatically accessing a PKI SharePoint portal.

I am having trouble doing something simple like the following: using (SPSite site = new SPSite(topLevelSite)) { SPWeb rootWeb = site.OpenWeb(); SPWeb newWeb = rootWeb.Webs.Add(siteName, "abc", "abc",1033,template,false,false); } But the catch is I am trying to add a site to a PKI-enabled SharePoint site: This code works fine when i...

PKCS12 Java Keystore from CA and User certificate in java

Hello, I've recently been put in charge of mocking up an Apple product (iPhone Configuration Utility) in Java. One of the sections I've been a bit stuck on is a part about Exchange ActiveSync. In there, it allows you to select a certificate from your Keychain to use as credentials for your EAS account. After some research, I found that ...

Difference between Authenticode, SPC and Java CodeSign?

Hello. Most CAs are selling code signing certificates in different "products", like Verisign or Certum: Microsoft Authenticode - "Allows you to sign EXE, OCX, DLL, bla..." Java CodeSign - "Allows you to sign Java code" Software Publisher Certificate - "Allows you to sign software" Well, I am REALLY confused about this. What is the d...

Java PKIHeader from SCEP request

Hey all, Recently I've begun looking into developing a simple CA/SCEP server. While the CA wasn't much of a problem (not much of a CA either), the SCEP server has thrown me for a bit of a loop at one particular place. So far I respond to the "GetCACert" and "GetCACaps" requests correctly. Now I'm attempting to respond to the "PKIOperat...

Limit DoD PKI Certificate Selection

Is there a way to limit the certificates listed in the dialog box when prompted for DoD PKI authentication? I'm trying to require the user to choose the email certificate. ...

Django and Common Access Cards (CAC)

A web app written in Python is planned, Django is a leading contender as framework. One requirement is CAC access, without the need to hand enter username and password. From what I can tell, CAC access is not part of the "batteries" included with Django. As a monolithic framework (not necessarily a bad attribute) Django has a rep for b...

PKI question. Key validity

I've got two files: a .der- and a .p12-file, with a key pair, which we should use for creating and verifying digital signatures in our Java code. I must save both keys in a MySql-Database-Table -> Keys(id, publicKey, privateKey, validity) To read both keys is not a big problem now, but I have no idea how to read information about their...

Is it safe to leave my password-protected PGP secret key available publicly?

My PGP secret keys are always password protected, which means you need to decrypt it using a symmetric key to get access to my private key. I am interested in making my password protected PGP secret key publicly available but I am not entirely sure if I am missing something. Storing my secret key on my computer seems only to be making t...

Is it possible to programmatically generate an X509 certificate using only C#?

We're trying to generate an X509 certificate (including the private key) programmatically using C# and the BouncyCastle library. We've tried using some of the code from this sample by Felix Kollmann but the private key part of the certificate returns null. Code and unit test are as below: using System; using System.Collections; using Or...