  • Status: Solved
  • Priority: Medium
  • Security: Public

Decrypt Token with Cert Private Key

I am attempting to generate a private/public key pair to decrypt the contents being passed via an HTTP POST. I am new to working with certs and have created test certs using makecert.exe. However, no private key is associated with the certification. I am looking for some leads to point me in the right direction, as my attempts have been fruitless.

created a public/private key to decrypt that has been posted to page.

morriss0506
Asked:
1 Solution
 
Paranormastic (Cryptographic Engineer) commented:
I think that rewording your question might be helpful - it is a little bit confusing what you are trying to do specifically, what you are doing it with (OS version, web software like IIS or Apache, etc.), and what the problem is (error messages).

So I am assuming that you are using a self-signed cert instead of one from your own CA or a commercial CA. When you do that, it should create the private key for you. If you open up the Certificates MMC and look in the personal store, the cert should be listed there. If you open that up, on the default page there should be an icon at the bottom of the window that pops up showing the name and such, stating that you have the associated private key. If you do not have this, then that is a problem and you should try to clear out any previous self-signed certs issued to that server by that server and try again.

Here's a couple links for makecert:
http://www.inventec.ch/chdh/notes/14.htm
http://msdn.microsoft.com/en-us/library/bfsktky3(VS.80).aspx

For doing a lot of things using self-signed certs you won't trust them until you export (don't move) the cert (don't need the private key for this part) and then import it into the trusted root CA store (if on Vista, check the box to view physical stores).

Let's start with that and we'll take it from there.
 
morriss0506 (Author) commented:
I'll try and elaborate. I am creating a page that receives a post from a third party site where site info is posted to me via hidden input. The value posted is encrypted and a test cert was obtained by the third party in order to create a public/private key pair to decrypt the information posted. Presently I capture the post and have installed the provided certificate. However, when I try to decrypt I get an error: unable to find certificate. Additionally, when I view the certificate there is no private key associated with it.

I hope that helps, this is my first attempt working with certificates.
 
Paranormastic (Cryptographic Engineer) commented:
Ok, the private key missing from the cert is the key here.
Since you are getting the cert from a 3rd party, this can be done one of two different ways:
1) Standard method - create a CSR from your box and email it to the 3rd party for them to process against their CA and then they will send you back the signed certificate for you to install on the same box.  This can be done through your web hosting software, here is a generic link for instructions:
http://www.verisign.com/support/ssl-certificates-support/page_dev019431.html
(only send it to 3rd party instead of verisign, of course)  This way the private key never leaves your box.

2) 3rd party creates a certificate and installs it on their end, and then exports it into a PKCS #12 (.pfx) file which would be encrypted using a synchronous key with a password assigned to decrypt it on your end and install it. When you get the pfx file, you would just double click it and run through the wizard supplying the password given to you. P12 files include both the public and private keyset. You would then also already have a backup (you could backup method #1 by exporting including private key and get your own pfx file).
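The missing-private-key symptom discussed in this thread, as an added PowerShell example (not code from the thread or from the third party): the same token decrypts with a certificate loaded from a .pfx but not with the public-only certificate. It assumes .NET Framework 4.7.2+ or PowerShell 7; the `Unprotect-Token` helper, the RSA-OAEP padding, the Base64 token encoding and every sample value are assumptions made for illustration.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper: decrypt a Base64 token with the certificate's RSA private key.
# The padding mode is an assumption; it must match whatever the sender actually uses.
function Unprotect-Token([X509Certificate2]$Cert, [string]$Token) {
    if (-not $Cert.HasPrivateKey) {
        throw "Certificate $($Cert.Thumbprint) has no private key; a .cer alone cannot decrypt."
    }
    $rsa = [RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    try {
        $plain = $rsa.Decrypt([Convert]::FromBase64String($Token), [RSAEncryptionPadding]::OaepSHA1)
        return [Text.Encoding]::UTF8.GetString($plain)
    } finally { $rsa.Dispose() }
}

# Constructed test material: an in-memory self-signed cert stands in for the test cert.
$key  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=token-test', $key, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$full = $req.CreateSelfSigned([DateTimeOffset]::UtcNow.AddDays(-1), [DateTimeOffset]::UtcNow.AddDays(30))
$pfxPassword = 'constructed-example-password'
$pfxBytes = $full.Export([X509ContentType]::Pfx, $pfxPassword)   # certificate plus private key
$cerBytes = $full.Export([X509ContentType]::Cert)                # certificate only

# Sender side: encrypts the posted value with the public key.
$pubOnly = [X509Certificate2]::new([byte[]]$cerBytes)
$pubRsa  = [RSACertificateExtensions]::GetRSAPublicKey($pubOnly)
$secret  = [Text.Encoding]::UTF8.GetBytes('user=42;site=example')   # constructed sample value
$token   = [Convert]::ToBase64String($pubRsa.Encrypt($secret, [RSAEncryptionPadding]::OaepSHA1))

# Receiver holding only the public certificate: HasPrivateKey is False, so decryption is refused.
try { Unprotect-Token $pubOnly $token } catch { "cer only: $($_.Exception.Message)" }

# Receiver after loading the .pfx with its password: the private key is present.
$fromPfx = [X509Certificate2]::new([byte[]]$pfxBytes, $pfxPassword)
"pfx: HasPrivateKey=$($fromPfx.HasPrivateKey) -> " + (Unprotect-Token $fromPfx $token)
```

For a certificate that is already installed, `Get-ChildItem Cert:\LocalMachine\My | Select-Object Subject, Thumbprint, HasPrivateKey` reports the same flag that the Certificates MMC shows on the certificate's General page.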
 
morriss0506 (Author) commented:
For those that come across this issue, I found the following link simplified the whole process, in addition to the MSDN articles:

http://www.eggheadcafe.com/articles/20020630.asp
