Solved

Decrypt Token with Cert Private Key

Posted on 2008-10-14
Last Modified: 2008-10-22
I am attempting to generate a private/public key pair to decrypt the contents being passed via an HTTP POST. I am new to working with certs and have created test certs using makecert.exe. However, no private key is associated with the certification. I am looking for some leads to point me in the right direction, as my attempts have been fruitless.

created a public/private key to decrypt that has been posted to page.

Question by:morriss0506

Expert Comment

by:Paranormastic
ID: 22715938
I think that rewording your question might be helpful - it is a little bit confusing what you are trying to do specifically, what you are doing it with (OS version, web software like IIS or Apache, etc.), and what the problem is (error messages).

So I am assuming that you are using a self-signed cert instead of one from your own CA or a commercial CA. When you do that, it should create the private key for you. If you open up the Certificates MMC and look in the personal store, the cert should be listed there. If you open that up, on the default page there should be an icon at the bottom of the window that pops up showing the name and such, stating that you have the associated private key. If you do not have this, then that is a problem and you should try to clear out any previous self-signed certs issued to that server by that server and try again.

Here's a couple links for makecert:
http://www.inventec.ch/chdh/notes/14.htm
http://msdn.microsoft.com/en-us/library/bfsktky3(VS.80).aspx

For doing a lot of things using self-signed certs you won't trust them until you export (don't move) the cert (don't need the private key for this part) and then import it into the trusted root CA store (if on Vista, check the box to view physical stores).

Let's start with that and we'll take it from there.

Author Comment

by:morriss0506
ID: 22720511
I'll try and elaborate. I am creating a page that receives a post from a third party site where site info is posted to me via hidden input. The value posted is encrypted and a test cert was obtained by the third party in order to create a public/private key pair to decrypt the information posted. Presently I capture the post and have installed the provided certificate. However, when I try to decrypt I get an error: unable to find certificate. Additionally, when I view the certificate there is no private key associated with it.

I hope that helps, this is my first attempt working with certificates.

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 22721412
Ok, the private key missing from the cert is the key here.
Since you are getting the cert from a 3rd party, this can be done one of two different ways:
1) Standard method - create a CSR from your box and email it to the 3rd party for them to process against their CA and then they will send you back the signed certificate for you to install on the same box.  This can be done through your web hosting software, here is a generic link for instructions:
http://www.verisign.com/support/ssl-certificates-support/page_dev019431.html
(only send it to 3rd party instead of verisign, of course)  This way the private key never leaves your box.

2) 3rd party creates a certificate and installs it on their end, and then exports it into a PKCS #12 (.pfx) file which would be encrypted using a synchronous key with a password assigned to decrypt it on your end and install it. When you get the pfx file, you would just double click it and run through the wizard supplying the password given to you. P12 files include both the public and private keyset. You would then also already have a backup (you could backup method #1 by exporting including private key and get your own pfx file).
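
The check and the PFX import described in the accepted answer, as an added PowerShell example that is not part of the original thread: it looks up the installed certificate, reports whether a private key is attached, imports the .pfx from method 2 if not, and runs an encrypt/decrypt self-test with the resulting key pair. The thumbprint, file path and store are placeholders; an RSA key, `Import-PfxCertificate` (Windows 8 / Server 2012 or later), .NET 4.6+ and an elevated prompt are assumed.

```powershell
# Added example. Thumbprint and PFX path are placeholders, not values from the thread.
$Thumbprint = '<THUMBPRINT-OF-THE-INSTALLED-CERT>'
$PfxPath    = 'C:\temp\thirdparty-test.pfx'   # hypothetical path
$StorePath  = 'Cert:\LocalMachine\My'         # "Personal" store of the computer account

function Test-RsaRoundTrip {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Encrypt with the public key, decrypt with the private key. OAEP-SHA1 is used
    # only for this self-test; a real token needs the padding the sender used.
    $ext  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
    $pad  = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA1
    $pub  = $ext::GetRSAPublicKey($Cert)
    $priv = $ext::GetRSAPrivateKey($Cert)     # $null when no RSA private key is attached
    if (-not $pub -or -not $priv) { return $false }
    $text   = 'round-trip self test'
    $cipher = $pub.Encrypt([Text.Encoding]::UTF8.GetBytes($text), $pad)
    $back   = $priv.Decrypt($cipher, $pad)
    return ([Text.Encoding]::UTF8.GetString($back) -eq $text)
}

# Step 1: is the certificate in the store the page will search, and does it carry a key?
$cert = Get-ChildItem -Path $StorePath | Where-Object { $_.Thumbprint -eq $Thumbprint }

if (-not $cert) {
    Write-Warning "Not found in $StorePath. Check which store and account the page uses."
} elseif (-not $cert.HasPrivateKey) {
    Write-Warning 'Found, but public-only (installed from a .cer). It cannot decrypt.'
}

# Step 2: method 2 from the answer, importing the password-protected PFX.
if (-not $cert -or -not $cert.HasPrivateKey) {
    $pw   = Read-Host -Prompt 'PFX password' -AsSecureString
    $cert = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation $StorePath -Password $pw
}

# Step 3: confirm the key is attached and usable by the current account.
try {
    $ok = Test-RsaRoundTrip -Cert $cert
    "HasPrivateKey : $($cert.HasPrivateKey)"
    "Round trip OK : $ok"
} catch {
    Write-Warning "Private key present but not usable here: $($_.Exception.Message)"
}
```

Run it under the same account the web page runs as where possible, since a key that is readable by an administrator may still be unreadable by the web application's identity.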

Author Comment

by:morriss0506
ID: 22779493
For those that come across this issue, I found the following link to simplify the whole process, in addition to the MSDN articles:

http://www.eggheadcafe.com/articles/20020630.asp