aspose file tools*
The moose likes Security and the fly likes Get the PrivateKey Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Get the PrivateKey" Watch "Get the PrivateKey" New topic
Author

Get the PrivateKey

Jeppe Sommer
Ranch Hand

Joined: Jan 07, 2004
Posts: 270
Does anyone know how we can get the PrivateKey from an already exsisting certificate? I don�t want to make a new KeyPair, but use an existing keyStore and the users certificate...


[ December 05, 2006: Message edited by: Jeppe Fjord ]
Henry Wong
author
Sheriff

Joined: Sep 28, 2004
Posts: 18845
    
  40

Originally posted by Jeppe Fjord:
Does anyone know how we can get the PrivateKey from an already exsisting certificate? I don�t want to make a new KeyPair, but use the users already existing keyStore and certificate...


Given a signature, it is not possible to get the original private key. The only thing that can be done is to verify the signature with the public key. If it was possible to obtain the private key from a signature, it would be possible to create fake signatures, given a signature.

Henry


Books: Java Threads, 3rd Edition, Jini in a Nutshell, and Java Gems (contributor)
Jeppe Sommer
Ranch Hand

Joined: Jan 07, 2004
Posts: 270
I think I understand how it works. So I do the following steps:

1) Create a keystore and save it on the server

2) Each user has to upload his/her certificate to the keystore, i.e. using the username as the alias

3) To sign a document the user type in his password and together with the alias we can access the certficate and make the PrivateKey

4) We sign the document using the privateKey

5) We store/send the document, the signature and the certificate to the enduser

Is that the way it works?
Mallik Soupati
Greenhorn

Joined: Aug 20, 2006
Posts: 7
Generally a certificate doesnt carry a private key, thats not the norm either. You would have to sign your data with your private key which is never disclosed to anyother, in any form.

To provide, a private key to sign, you either have to point to a filesysteme location where you have the private key, or you have to generate a passphrase-dependent private key.
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
If we could get the private key from the certificate , then what is its use.


Rahul Bhattacharjee
LinkedIn - Blog
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Get the PrivateKey