• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Question about security certificates

 
Ranch Hand
Posts: 226
1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If I have a root certificate, would I need another certificate to encrypt and sign messages? Can the root certificate be used alone to encrypt and sign messages? Could you point me to any reference material that would give me the answer to my questions?
 
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That depends on the certificate, the application, and whether you have the private key or just the certificate.
 
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can encode the messages using a simple base64 algorithm and sign the payload with the root certificate. Alternatively, you can use symmetric keys to sign and encrypt the payload with corresponding symmetric keys (placed at the client) to decrypt and validate.
 
greg stark
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

You can encode the messages using a simple base64 algorithm and sign the payload with the root certificate. Alternatively, you can use symmetric keys to sign and encrypt the payload with corresponding symmetric keys (placed at the client) to decrypt and validate.



makes no sense at all. Nothing the OP said implied the need to encode anything; signing is done with a private key, but a certificate contains only a public key; when using a symmetric key to perform data integrity, the usual term is "MAC", not "sign".
 
Rancher
Posts: 4803
7
Mac OS X VI Editor Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Nitin Pathak:you can use symmetric keys to sign and encrypt the payload



Technically, one could do this. But why in the world would you want to?
If you use symmetric keys, you have to solve key management. And key management is very hard. That is why RSA was invented.

Most signatures are MAC or HMAC, not using symmertric keys.
 
Yeah, but does being a ninja come with a dental plan? And what about this tiny ad?
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic