Need Help on Digital Signature verification


Raju

Mar 26, 2010, 4:50:07 AM
to we-coffee
I have one doubt related to the 4EF7Eica.p12 file. Does this file
contain the public key corresponding to the key pair stored in the
B7E4Feuc.pfx file? I think it just has the public key of the CA so
that an individual can verify certificate authenticity or the public
key of the certificate.

How do we distribute the public key of the certificate to the clients?

Raju

Mar 26, 2010, 4:55:27 AM
to we-coffee
Doubt cleared...
Thanks to: http://www.simple-talk.com/content/article.aspx?article=833#forum

Suppose you are the user A and you want to sign a message to send to
the user B. With the private key (contained in the ...euc.pfx
certificate) you sign the message and you send the signed message
plus the public key contained in the ...euc.pfx to B. B verifies your
signature. For that it can use only the public key in the ...euc.pfx
certificate. Every other public key invalidates the signature.
But there is a problem. How can B be sure that the message was sent by
A? An entity, say C, can generate its own certificate, saying that
it is A, and send to B a signed message impersonating A. How can B be
sure that the public key (and the message) that it received is A's
public key (and that the message was sent by A)? It needs a third
entity, that it trusts, that assures that the certificate is really A's
certificate. This entity is called a certificate authority. It has the
responsibility to assure B that the certificate received is A's
certificate. So it takes A's public key and signs it with its private
key. When B receives the message, it verifies the signature with the
public key received and it verifies with the CA public key
(the ...ica.p12 certificate) that the A certificate (the ...euc.pfx)
is really the A certificate (by verifying the signature on it computed
by the CA). So, the goal of the ...ica.p12 certificate is only to
verify the signature on the ...euc.pfx certificate, not to verify
messages signed by the ...euc.pfx. For more details you can read
http://www.we-coffee.com/knowledge/BIB_R5YWR.aspx

we-coffee staff

Mar 26, 2010, 5:34:33 AM
to we-coffee
In Microsoft operating systems the trusted CA certificates are stored
in the certificate store under the section "Trusted Root Certification
Authorities" (you can open it using the command certmgr.msc). All the
certificates stored under this node are considered valid for
certificate validation.

The trusted root certification authorities contain:

1. Commercial CA certificates. They are inserted by Microsoft and are
related to commercial CAs.

2. Own CA (internal certificate authority (ICA)) certificates. They are
inserted by the user and are related to certificate authorities built,
for example, inside an organization.

To validate your euc.pfx certificate you need only to manually install
the ica.p12 certificate in this store. To do so, double-click on the
certificate file and follow the instructions that appear. The wizard
will recognize the certificate as a CA certificate and will insert it in
the trusted root certification authorities (the euc.pfx certificate
will go under the personal store). When the wizard asks for the
password to install the ica.p12 certificate, leave it blank. The
certificate has no private key and does not need to be protected.

Keep in mind that other vendors may use a different certificate store
for the CA certificates. They all work in the same way. The commercial
CAs are already in the store, personal CAs must be installed in it. This
is the case, for example, of all browsers different from Internet
Explorer and Acrobat Reader. Check the product's documentation to
understand how to install the ica.p12 certificate as a trusted CA
certificate.
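
An added example, not part of the thread or of we-coffee's material: the two checks B performs, run with the OpenSSL command line on a throwaway CA instead of the ...ica.p12 and ...euc.pfx files. The names Demo ICA and User A, the message, and all keys are constructed for the demo.

```shell
#!/bin/sh
# Added example: constructed CA, users and message; all names are hypothetical.
D=$(mktemp -d)   # scratch directory for the demo keys and certificates

make_demo_pki() {
  # Internal CA: self-signed root, playing the role of the ...ica.p12 file.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo ICA" \
    -keyout "$D/ca.key" -out "$D/ca.crt" 2>/dev/null
  # User A: key pair plus a certificate signed by the CA (the ...euc.pfx role).
  openssl req -newkey rsa:2048 -nodes -subj "/CN=User A" \
    -keyout "$D/a.key" -out "$D/a.csr" 2>/dev/null
  openssl x509 -req -in "$D/a.csr" -CA "$D/ca.crt" -CAkey "$D/ca.key" \
    -CAcreateserial -days 1 -out "$D/a.crt" 2>/dev/null
  # Entity C: makes its own certificate that merely claims to be "User A".
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=User A" \
    -keyout "$D/c.key" -out "$D/c.crt" 2>/dev/null
  printf 'pay 100 to B\n' > "$D/msg.txt"
  openssl dgst -sha256 -sign "$D/a.key" -out "$D/a.sig" "$D/msg.txt"
  openssl dgst -sha256 -sign "$D/c.key" -out "$D/c.sig" "$D/msg.txt"
}

# Check 1 for B: was this certificate signed by the trusted CA?
cert_trusted() {
  openssl verify -CAfile "$D/ca.crt" "$1" 2>/dev/null | grep -q ': OK$'
}

# Check 2 for B: does the signature verify under the certificate's public key?
sig_valid() {  # args: certificate, message, signature
  openssl x509 -in "$1" -pubkey -noout > "$D/pub.pem" &&
    openssl dgst -sha256 -verify "$D/pub.pem" -signature "$3" "$2" >/dev/null 2>&1
}

# B accepts a message only when both checks pass.
b_accepts() { cert_trusted "$1" && sig_valid "$1" "$2" "$3"; }

make_demo_pki
for who in a c; do
  if b_accepts "$D/$who.crt" "$D/msg.txt" "$D/$who.sig"
  then echo "$who: accepted"; else echo "$who: rejected"; fi
done
```

C's signature does verify under C's own public key, so the signature check alone cannot tell A from C; only the CA check on the certificate rejects it.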
