Stack Overflow
Stack Overflow

Questions tagged [pki]

Public Key Infrastructure

PKI is a technical and/or organizational way to bind public keys with an identity. The most common types of PKI uses X.509 certificates (and in particular the IETF PKIX profiles).

823 questions
328
votes
10 answers

How does a public key verify a signature?

I am trying to get a better grapple on how public/private keys work. I understand that a sender may add a digital signature to a document using his/her private key to essentially obtain a hash of the document, but what I do not understand is how the…
jcampos8782
  • 3,956
  • 4
  • 22
  • 23
160
votes
6 answers

How to extract public key using OpenSSL?

The following command generates a file which contains both public and private key: openssl genrsa -des3 -out privkey.pem 2048 Source: here With OpenSSL, the private key contains the public key information as well, so a public key doesn't need to be…
Jake
  • 16,329
  • 50
  • 126
  • 202
105
votes
11 answers

Adding a self-signed certificate to iPhone Simulator?

I have a self-signed certificate at the endpoint of my API. I'm trying to test some things using the simulator but am getting "untrusted server certificate". I have tried to use safari on the simulator to download the .crt file, but that doesn't…
jr.
  • 4,503
  • 7
  • 44
  • 62
68
votes
2 answers

PKCS#1 and PKCS#8 format for RSA private key

Can some one help me understand how an RSA key literally is stored in these formats? I would like to know the difference between the PKCS formats vs Encodings(DER, PEM). From what I understand PEM is more human readable. Is PEM/DER for keys/certs…
akd
  • 1,427
  • 3
  • 16
  • 21
65
votes
4 answers

What does "subject" mean in certificate?

The related link is this MSDN article. I am always confused about the term "subject", for example, sk option "Specifies the subject's key container location", sr option "Specifies the subject's certificate store location". What exactly does…
George2
  • 44,761
  • 110
  • 317
  • 455
46
votes
11 answers

OpenSSL Certificate (Version 3) with Subject Alternative Name

I'm using the OpenSSL command line tool to generate a self signed certificate. It seems to be working correctly except for two issues. I can't get it to create a .cer with a Subject Alternative Name (critical) and I haven't been able to figure out…
Kandres22
  • 617
  • 1
  • 6
  • 11
44
votes
3 answers

What is CA certificate, and why do we need it?

I've just read this article about what is HTTPS service, and understand the basic of https. When requesting https content, the server will send a public key to browser, so that every time, the browser receive data will decrypted with the public…
Nicolas S.Xu
  • 13,794
  • 31
  • 84
  • 129
40
votes
2 answers

Is it possible to programmatically generate an X509 certificate using only C#?

We're trying to generate an X509 certificate (including the private key) programmatically using C# and the BouncyCastle library. We've tried using some of the code from this sample by Felix Kollmann but the private key part of the certificate…
Tom Robinson
  • 8,348
  • 9
  • 58
  • 102
34
votes
3 answers

What books will help me learn everything I can about SSL/PKI?

Since SSL is the backbone of the secure internet, (now technically called TLS), what are some good books I should read up on to understand all aspects of it? I suppose I'll need to learn some math, some PKI books, crypto, and Sysadmin books as well.…
makerofthings7
  • 60,103
  • 53
  • 215
  • 448
30
votes
3 answers

Why is SSLCertificateKeyFile needed for Apache?

What's the technical reason that SSLCertificateKeyFile is needed (the private key)? Where is that used and for what?
Tower
  • 98,741
  • 129
  • 357
  • 507
28
votes
3 answers

Which parts of the client certificate to use when uniquely identifying users?

I'm designing a system where users will be able to register and afterward authenticate with client certificates in addition to username/password authentication. The client certificates will have to be valid certificates issued by a configured list…
miha
  • 3,287
  • 3
  • 29
  • 44
25
votes
3 answers

How does one access the raw ECDH public key, private key and params inside OpenSSL's EVP_PKEY structure?

I'm using OpenSSL's c library to generate an elliptic curve Diffie-Hellman (ECDH) key pair, following the first code sample here. It glosses over the actual exchange of public keys with this line: peerkey = get_peerkey(pkey); The pkey variable and…
Bob Whiteman
  • 2,481
  • 2
  • 23
  • 27
25
votes
6 answers

Find if a certificate is self signed or CA signed

I have a web app, which allows user to upload pkcs12. I store the pkcs12 as binary in database. Is there any way for me to know if the certificate in the pkcs12 is self signed or CA signed? I am running a Java web app on tomcat and have openssl at…
Nishan
  • 2,821
  • 4
  • 27
  • 36
24
votes
3 answers

Implementing X509TrustManager - passing on part of the verification to existing verifier

I need to ignore the PKIX path building exception javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExc ption: unable to find valid…
user93353
  • 13,733
  • 8
  • 60
  • 122
22
votes
4 answers

Mutual-authentication with web services

Currently, I've been successful implementing Mutual Authentication security so long as the client accesses the website using a web browser, because browsers take care of all the certificate exchange for you. Now I need to create a secure interface…
bkritzer
  • 1,418
  • 3
  • 16
  • 27
1
2 3
54 55