
I have a question. I have created my own certificate with these commands:

1) makecert -r -pe -n "CN=MyTest" -sky exchange -sv MyTest.pvk MyTest.cer

2) pvk2pfx -pvk MyTest.pvk -spc MyTest.cer -pfx MyTest.pfx

So I have created a simple console application to encrypt and decrypt text with this certificate, and it all works fine... Example:

1) Encrypting the text "1", I get "RLSym/wwReReo3GMM27ueIcMFRWHAB1AELnFVERnYuMbjBJi0QrW+oV2ADdJQ8VoZlShun0="

2) Decrypting "RLSym/wwReReo3GMM27ueIcMFRWHAB1AELnFVERnYuMbjBJi0QrW+oV2ADdJQ8VoZlShun0=", I get "1".

Now I recreate the certificate with the same command and password and use the new one. When I try to decrypt text created with the first certificate I receive an error. Why? Is it not possible to recreate the certificate with the same credentials and options if I lose the first certificate? Is all my data saved in the database lost?

Thx.

Angelo
  • That is by design. You shouldn't be able to create two certificates that are the same. It would kind of blow up the whole security scenario it was designed for in the first place. – rene Sep 05 '17 at 08:34
  • So certificates are not good for saving encrypted data in the database: if I have to renew the certificate I lose all the encrypted data – Angelo Sep 05 '17 at 08:45
  • Most databases come with encryption options. I would use those, assuming they did the hard job of handling stale certificates. But in general, yes, if you roll your own encrypt/decrypt you better also design for if you have to change the keys .... – rene Sep 05 '17 at 08:50
  • Thanks for the answer, then I will use certificates only to authenticate and create a secure connection, while to encrypt the data I will use the standard framing methods of the Microsoft framework – Angelo Sep 05 '17 at 08:53

0 Answers
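The behaviour discussed in the comments, as an added example that is not part of the original question or comments: two self-signed certificates created with identical options still get independent random key pairs, so only the original private key can decrypt. It assumes PowerShell 5.1 or later on Windows with the built-in PKI cmdlets (used here in place of `makecert`); the backup file name is a placeholder.

```powershell
# Added example: same subject and options, two different key pairs.
$ext   = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
$oaep  = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA1
$store = 'Cert:\CurrentUser\My'

# Each call generates a fresh random RSA key pair; the subject name is only a label.
$first  = New-SelfSignedCertificate -Subject 'CN=MyTest' -CertStoreLocation $store -KeyExportPolicy Exportable
$second = New-SelfSignedCertificate -Subject 'CN=MyTest' -CertStoreLocation $store -KeyExportPolicy Exportable

"Same subject:    $($first.Subject -eq $second.Subject)"
"Same thumbprint: $($first.Thumbprint -eq $second.Thumbprint)"

# Encrypt with the public key of the first certificate.
$plain  = [Text.Encoding]::UTF8.GetBytes('1')
$cipher = $ext::GetRSAPublicKey($first).Encrypt($plain, $oaep)

# The matching private key recovers the plaintext.
$back = $ext::GetRSAPrivateKey($first).Decrypt($cipher, $oaep)
"First certificate decrypts to: $([Text.Encoding]::UTF8.GetString($back))"

# The recreated certificate holds a different private key, so decryption throws.
try {
    $ext::GetRSAPrivateKey($second).Decrypt($cipher, $oaep) | Out-Null
    'Second certificate decrypted the data (unexpected)'
} catch {
    "Second certificate cannot decrypt: $($_.Exception.Message)"
}

# Data stays readable only while the original private key exists: back up the PFX.
$pw = Read-Host -AsSecureString -Prompt 'Password for the PFX backup'
Export-PfxCertificate -Cert $first -FilePath .\MyTest-backup.pfx -Password $pw | Out-Null

# Remove the second test certificate from the store.
Remove-Item "$store\$($second.Thumbprint)"
```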