Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Get the PrivateKey

 
Jeppe Sommer
Ranch Hand
Posts: 270
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Does anyone know how we can get the PrivateKey from an already exsisting certificate? I don�t want to make a new KeyPair, but use an existing keyStore and the users certificate...


[ December 05, 2006: Message edited by: Jeppe Fjord ]
 
Henry Wong
author
Marshal
Pie
Posts: 21114
78
C++ Chrome Eclipse IDE Firefox Browser Java jQuery Linux VI Editor Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Jeppe Fjord:
Does anyone know how we can get the PrivateKey from an already exsisting certificate? I don�t want to make a new KeyPair, but use the users already existing keyStore and certificate...


Given a signature, it is not possible to get the original private key. The only thing that can be done is to verify the signature with the public key. If it was possible to obtain the private key from a signature, it would be possible to create fake signatures, given a signature.

Henry
 
Jeppe Sommer
Ranch Hand
Posts: 270
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think I understand how it works. So I do the following steps:

1) Create a keystore and save it on the server

2) Each user has to upload his/her certificate to the keystore, i.e. using the username as the alias

3) To sign a document the user type in his password and together with the alias we can access the certficate and make the PrivateKey

4) We sign the document using the privateKey

5) We store/send the document, the signature and the certificate to the enduser

Is that the way it works?
 
Mallik Soupati
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Generally a certificate doesnt carry a private key, thats not the norm either. You would have to sign your data with your private key which is never disclosed to anyother, in any form.

To provide, a private key to sign, you either have to point to a filesysteme location where you have the private key, or you have to generate a passphrase-dependent private key.
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If we could get the private key from the certificate , then what is its use.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic