Questions tagged [pki]

Public Key Infrastructure

PKI is a technical and/or organizational way to bind public keys with an identity. The most common types of PKI use X.509 certificates (and in particular the IETF PKIX profiles).

823 questions
21
votes
5 answers

Digital certificates: What is the difference between encrypting and signing

I am relatively new to PKI, certificates and all related stuff. As far as I understand, in public-key cryptography one encrypts with a public key and decrypts with a private key. Only one private key can correspond to any public key but the opposite is…
user1745356
  • 4,462
  • 7
  • 42
  • 70
19
votes
4 answers

Signature and Exchange key types – what are they and when to use each (Makecert -sky)?

-sky switch Specifies the subject's key type, which must be signature, exchange, or an integer that represents a provider type. By default, you can pass 1 for an exchange key and 2 for a signature key. If I understand this correctly,…
user437291
  • 4,561
  • 7
  • 37
  • 53
19
votes
1 answer

C# Export cert in pfx format

NET to export a certificate from the cert store into a PFX file. I'm trying to use the X509certificate2.Export method with the X509ContentType.Pfx flag set, but am unsure how to handle the returned byte array and output it correctly to file. Any…
J Hunt
  • 850
  • 1
  • 7
  • 14
18
votes
4 answers

PKI multiple public keys

I'm wondering if I can have multiple public keys for a private key. Can this be done? If so, what are the security issues!? If I generate multiple key pairs based on the same initial values (with no initial vector), shouldn't the keys be…
André Moreira
  • 1,669
  • 4
  • 21
  • 35
18
votes
3 answers

How can I choose a different client certificate in Firefox?

When I choose a client certificate in Firefox (or cancel choosing none), Firefox seems to remember this decision even though I've told it to ask me every time. I understand that it'd be useless for Firefox to ask me every page load, so of course…
jesdynf
  • 434
  • 1
  • 3
  • 8
16
votes
2 answers

How to implement TLS between microservices

Can someone please comment on, vet, critique, or otherwise blast holes in the microservices security design I’m considering? Let’s say I have three microservices, each of which talks to the other two via REST endpoints. Each microservice contains a…
divaconhamdip
  • 181
  • 1
  • 1
  • 5
15
votes
2 answers

Signing certificate with another certificate signed by CA

Is it possible to sign a new certificate using a certificate signed by a CA as the CA for other certificates and still have them validated by the root CA? Example: # create new key openssl genrsa -des3 -out server.key 2048 openssl req -new -key…
Martin
  • 3,509
  • 3
  • 26
  • 31
15
votes
7 answers

2-way SSL for web services on GAE (java)

We need to implement two-way SSL on Google App Engine, where we send out web service requests using JAX-WS to a server requiring 2-way SSL authentication. How can we set up 2-way SSL for our outgoing web service requests? We know that javax.net.ssl*…
Cuga
  • 17,668
  • 31
  • 111
  • 166
14
votes
5 answers

Where is the JRE lib/security directory on Mac OS X?

I need to generate a cert and can't find this directory. Thanks!
bethesdaboys
  • 1,797
  • 7
  • 22
  • 35
14
votes
3 answers

Signing certificate request with certificate authority

I want to use TLS mutual authentication to authenticate a client on an API made in Go. I've created a certificate authority, and let's say Bob has a key pair he wants to use with the client. Bob created a certificate request and wants me to validate…
krostar
  • 345
  • 1
  • 3
  • 10
14
votes
2 answers

PKCS12 Java Keystore from CA and User certificate in java

I've recently been put in charge of mocking up an Apple product (iPhone Configuration Utility) in Java. One of the sections I've been a bit stuck on is a part about Exchange ActiveSync. In there, it allows you to select a certificate from your…
Staros
  • 3,232
  • 6
  • 30
  • 41
14
votes
2 answers

Trusting an expired self-signed certificate while calling a webservice

There is a webservice protected by a certificate. In the client code which calls it, the certificate's CA has to be present in the truststore (JRE_path\lib\security\cacerts) - if not, you get the PKIX exception on the client side. What happens if the…
user93353
  • 13,733
  • 8
  • 60
  • 122
14
votes
3 answers

Accessing signing/encryption in a browser's Keystore using JavaScript - sample code? (WebCryptoAPI)

I have a web server that allows access only using X509 authentication. Works like a charm. Now I want to extend the use of the X509 certificates (which are stored in the user's browser keystore) to Sign data before it is sent to the server (using…
stwissel
  • 20,110
  • 6
  • 54
  • 101
14
votes
1 answer

"Bad key" exception for certificates with exportable private key

I am trying to encrypt and then decrypt files using asymmetric encryption. I've created a test certificate using makecert and installed it into my personal localmachine store. In future I'll have to install this certificate on several servers,…
Dmitry Perets
  • 1,093
  • 9
  • 20
13
votes
4 answers

Primer for X.509 certificates on Windows

I am presently studying the topic of encrypting and signing SOAP messages via WSE 3.0 or WCF. Since I have not participated in distributed application development involving the public Internet, I find my knowledge on X.509 certificates lacking and…
icelava
  • 9,787
  • 7
  • 52
  • 74