• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Al Hobbs
  • salvin francis

Get the PrivateKey

 
Ranch Hand
Posts: 270
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Does anyone know how we can get the PrivateKey from an already exsisting certificate? I don�t want to make a new KeyPair, but use an existing keyStore and the users certificate...


[ December 05, 2006: Message edited by: Jeppe Fjord ]
 
author
Posts: 23909
142
jQuery Eclipse IDE Firefox Browser VI Editor C++ Chrome Java Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Jeppe Fjord:
Does anyone know how we can get the PrivateKey from an already exsisting certificate? I don�t want to make a new KeyPair, but use the users already existing keyStore and certificate...



Given a signature, it is not possible to get the original private key. The only thing that can be done is to verify the signature with the public key. If it was possible to obtain the private key from a signature, it would be possible to create fake signatures, given a signature.

Henry
 
Jeppe Sommer
Ranch Hand
Posts: 270
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think I understand how it works. So I do the following steps:

1) Create a keystore and save it on the server

2) Each user has to upload his/her certificate to the keystore, i.e. using the username as the alias

3) To sign a document the user type in his password and together with the alias we can access the certficate and make the PrivateKey

4) We sign the document using the privateKey

5) We store/send the document, the signature and the certificate to the enduser

Is that the way it works?
 
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Generally a certificate doesnt carry a private key, thats not the norm either. You would have to sign your data with your private key which is never disclosed to anyother, in any form.

To provide, a private key to sign, you either have to point to a filesysteme location where you have the private key, or you have to generate a passphrase-dependent private key.
 
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If we could get the private key from the certificate , then what is its use.
 
reply
    Bookmark Topic Watch Topic
  • New Topic