Client Certificates Issue

 
 
Infospy
      03-27-2006
Hi! I'm developing a C#.Net WebPart running under SharePoint Portal Server
2003.

I've made a form that captures n pieces of information that will be stored in a
SQL database.

The problem is that I need to generate a digital signature using the same
data.

I will generate a message digest and store it, and then encrypt it using the
private key and store it also in the same record.

The question I have is, how can I get the user certificate in order to do
this?

I can't seem to find any information about getting the user certificate so I
can sign the data.

Thanks in advance for your help.

Best Regards
 
Joe Kaplan (MVP - ADSI)
      03-28-2006
You can't. The client possesses the private key and never provides that to
the server. It wouldn't be private anymore if they did! When the SSL
client cert handshake takes place, the client simply signs some data with
their private key in order to prove to the server that they are the "owner"
of the private key for the certificate they provided to the server.

Also, you don't encrypt data with the private key. Private keys are for
signing and decrypting. Public keys are used for encrypting and verifying
signatures. It seems like people constantly get themselves in trouble by
getting this confused.

Joe K.
 
 
 
 
Infospy
      03-28-2006
I need to sign some information processed on a webpart, so I need the private
key. The public key will be stored in the server database so the other users
can verify the signature...

Any suggestions?

Thanks
 
Joe Kaplan (MVP - ADSI)
      03-28-2006
You can't use the user's private key for this as it is on their workstation,
not on your server. If you need to do that, you need to write some sort of
code that runs locally on their workstation.

Joe K.
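The split described in the two replies above, as an added example that is not part of the original thread: the workstation signs with the private key, and the server receives only the record, the signature and the public certificate, which is enough to verify but not to sign. `SplitSigningDemo`, `SignOnClient` and `VerifyOnServer` are hypothetical names, the self-signed certificate and record are constructed, and the code assumes .NET 6 or later rather than the .NET version of the thread.

```csharp
// Added example, not from the thread. Assumes .NET 6 or later.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SplitSigningDemo
{
    // Runs on the user's workstation: the only place the private key exists.
    static (byte[] Signature, byte[] PublicCert) SignOnClient(X509Certificate2 userCert, byte[] record)
    {
        using RSA priv = userCert.GetRSAPrivateKey()
            ?? throw new InvalidOperationException("No RSA private key on this machine.");
        byte[] sig = priv.SignData(record, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        // Export(Cert) emits the DER certificate with the public key only;
        // this and the signature are all the server ever receives.
        return (sig, userCert.Export(X509ContentType.Cert));
    }

    // Runs on the server: stores record + signature + certificate, and can only verify.
    static bool VerifyOnServer(byte[] publicCertDer, byte[] record, byte[] signature)
    {
        using var cert = new X509Certificate2(publicCertDer);
        if (cert.HasPrivateKey)
            throw new InvalidOperationException("Server must never hold the private key.");
        using RSA pub = cert.GetRSAPublicKey()
            ?? throw new InvalidOperationException("Certificate does not carry an RSA key.");
        return pub.VerifyData(record, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        // Constructed stand-in for the user's certificate (self-signed, in memory).
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=Constructed Test User", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 userCert = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

        byte[] record = Encoding.UTF8.GetBytes("form-field-1=alpha;form-field-2=beta"); // constructed
        var (sig, certDer) = SignOnClient(userCert, record);

        Console.WriteLine(VerifyOnServer(certDer, record, sig)); // record as signed
        record[0] ^= 0x01;                                       // simulate tampering in the database
        Console.WriteLine(VerifyOnServer(certDer, record, sig)); // signature no longer matches
    }
}
```

A real deployment would take the certificate from the user's certificate store on the workstation, and the server would also validate the certificate chain before trusting the public key.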
 
Infospy
      03-29-2006
Under the Certificate Management Console, there is one container named
"Active Directory User Objects" where the certificate is available. What is
the store name for that store, or how can I access it using C#.Net code? (If
possible, of course.)
 
Joe Kaplan (MVP - ADSI)
      03-30-2006
I don't understand how this could solve your problem. There are no private
keys published in a user's certificates in AD.

Joe K.
 
asp.net punisher
      04-26-2006
Joe Kaplan, man, if you don't have any solution, please don't annoy with the same answer 3 times.

If IE signs (at the beginning of the request) with the private key of the client, how can we use this functionality from our web pages?

I think there's a way to call this proc from an asp.net page, call it ActiveX or whatever.

If anyone knows how to do it, please post it!

TIA.


 