Client Certificates Issue

Discussion in 'ASP .Net Security' started by Infospy, Mar 27, 2006.

  1. Infospy

    Infospy Guest

    Hi! I'm developing a C#.Net WebPart running under Sharepoint Portal Server
    2003.

    I've made a Form that captures n pieces of information that will be stored
    under a SQL database.

    The problem is that I need to generate a Digital Signature using the same
    data.

    I will generate a message Digest and store it, and then Encrypt it using
    private key and Store it also in the same record.

    The question I have is, how can I get the user certificate in order to do
    this?

    I can't seem to find any information about getting the user Certificate so I
    can sign the data.

    Thanks in advance for your help.

    Best Regards
    Infospy, Mar 27, 2006
    #1

  2. You can't. The client possesses the private key and never provides that to
    the server. It wouldn't be private anymore if they did! When the SSL
    client cert handshake takes place, the client simply signs some data with
    their private key in order to prove to the server that they are the "owner"
    of the private key for the certificate they provided to the server.

    Also, you don't encrypt data with the private key. Private keys are for
    signing and decrypting. Public keys are used for encrypting and verifying
    signatures. It seems like people constantly get themselves in trouble by
    getting this confused.

    Joe K.

    Joe Kaplan (MVP - ADSI), Mar 28, 2006
    #2

  3. Infospy

    Infospy Guest

    I need to sign some information processed on a webpart, so I need the private
    key, the public key will be stored in the server database so the other users
    can verify the signature...

    Any suggestions?

    Thanks

    Infospy, Mar 28, 2006
    #3
  4. You can't use the user's private key for this as it is on their workstation,
    not on your server. If you need to do that, you need to write some sort of
    code that runs locally on their workstation.

    Joe K.

    Joe Kaplan (MVP - ADSI), Mar 28, 2006
    #4
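
Added example, not part of the original thread: the split described in posts #2 and #4, with signing done where the private key lives and the server verifying with the public certificate only. The key pair, self-signed certificate and form data are constructed for the demo; `SignOnWorkstation` and `VerifyOnServer` are hypothetical names, and certificate chain validation is left out.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class DetachedSignatureDemo
{
    // Workstation side: the only place the private key exists.
    // SignData hashes the input itself, so no separate digest step is needed.
    static byte[] SignOnWorkstation(X509Certificate2 userCert, byte[] formData)
    {
        using (RSA priv = userCert.GetRSAPrivateKey())
            return priv.SignData(formData, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    // Server side: holds the public certificate only and can verify, never sign.
    // A real deployment would also validate the certificate chain and revocation.
    static bool VerifyOnServer(X509Certificate2 publicCert, byte[] formData, byte[] signature)
    {
        if (publicCert.HasPrivateKey)
            throw new InvalidOperationException("Server copy must not contain a private key.");
        using (RSA pub = publicCert.GetRSAPublicKey())
            return pub.VerifyData(formData, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        // Constructed throwaway key pair and self-signed certificate (assumption for the demo).
        using (RSA key = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=Constructed Test User", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 userCert = request.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1)))
            // Exporting as X509ContentType.Cert yields the DER certificate without the private key.
            using (X509Certificate2 serverCopy = new X509Certificate2(userCert.Export(X509ContentType.Cert)))
            {
                byte[] record = Encoding.UTF8.GetBytes("name=Alice;amount=100");   // constructed form data
                byte[] tampered = Encoding.UTF8.GetBytes("name=Alice;amount=900"); // same record, altered
                byte[] signature = SignOnWorkstation(userCert, record);

                Console.WriteLine("original record verifies: " + VerifyOnServer(serverCopy, record, signature));
                Console.WriteLine("tampered record verifies: " + VerifyOnServer(serverCopy, tampered, signature));
            }
        }
    }
}
```
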
  5. Infospy

    Infospy Guest

    Under the Certificate Management Console, there is one container named
    "Active Directory User Objects" where the certificate is available, what is
    the Store Name for that store or, how can I access it using C#.Net code? (If
    possible of course)

    Infospy, Mar 29, 2006
    #5
  6. I don't understand how this could solve your problem. There are no private
    keys published in a user's certificates in AD.

    Joe K.

    Joe Kaplan (MVP - ADSI), Mar 30, 2006
    #6
  7. Joe Kaplan, man, if you don't have any solution please don't annoy with the same answer 3 times.

    If IE signs (at the beginning of the request) with the private key of the client, how can we use this functionality from our web pages?

    I think there's a way to call this proc from an asp.net page, call it activeX or whatever.

    If anyone knows how to do it please post it!

    TIA.
    asp.net punisher, Apr 26, 2006
    #7