Client Certificates Issue

[Infospy]

Hi! I'm developing a C#.Net WebPart running under Sharepoint Portal Server
2003.

I've made a Form that captures n informations that will be stored under a
SQL database.

The problem is that i need to generate a Digital Signature using the same
data.

I Will generate a message Digest and store it, and then Encrypt it using
private key and Store it also in the same record.

The question i have is, how can i get the user certificate in order to do
this?

I can't seem to find any information about getting the user Certificate so i
can signature the data.

Thanks in Advace for you help.

Best Regards

 

[Joe Kaplan \(MVP - ADSI\)]

You can't. The client possesses the private key and never provides that to
the server. It wouldn't be private anymore if they did! When the SSL
client cert handshake takes place, the client simple signs some data with
their private key in order to prove to the server that they are the "owner"
of the private key for the certificate they provided to the server.

Also, you don't encrypt data with the private key. Private keys are for
signing and decrypting. Public keys are used for encrypting and verifying
signatures. It seems like people constantly get themselves in trouble by
getting this confused.

Joe K.

 

[Infospy]

I need to sign some information processed on a webpart, so i need the private
key, the public key will be stored in the server database so the other users
can verify the signature...

Any suggestions?

Thanks

 

[Joe Kaplan \(MVP - ADSI\)]

You can't use the user's private key for this as it is on their workstation,
not on your server. If you need to do that, you need to write some sort of
code that runs locally on their workstation.

Joe K.

 

[Infospy]

Under the Certificate Management Console, there is one container named
"Active Directory User Objects" where the certificate is available, what is
the Store Name for that store or, how can I access it using C#.Net code? (If
possible of course)

 

[Joe Kaplan \(MVP - ADSI\)]

I don't understand how this could solve your problem. There are no private
keys published in a user's certificates in AD.

Joe K.

 

[asp.net punisher]

Joe Kaplan, man if u dont have any solution pls dont annoy with the same answer 3 times.

If IE sign (at the beggining of request) with the private key of the client, how we can use this functionality from our web pages.

I think there's a way to call this proc from asp.net page, call it activeX or whatever.

If anyone knows how to do it pls post it!

TIA.