Solved

Decrypt Token with Cert Private Key

Posted on 2008-10-14
Last Modified: 2008-10-22
I am attempting to generate a private/public key pair to decrypt the contents being passed via an HTTP POST.  I am new to working with certs and have created test certs using makecert.exe.  However, no private key is associated with the certification.  I am looking for some leads to point me in the right direction as my attempts have been fruitless.

created a public/private key to decrypt that has been posted to page.

Question by:morriss0506
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22715938
I think that rewording your question might be helpful - it is a little bit confusing what you are trying to do specifically, what you are doing it with (OS version, web software like IIS or Apache, etc.), and what the problem is (error messages).

So I am assuming that you are using a self-signed cert instead of one from your own CA or a commercial CA.  When you do that, it should create the private key for you.  If you open up the Certificates MMC and look in the personal store, the cert should be listed there.  If you open that up on the default page there should be an icon at the bottom of the window that pops up showing the name and such stating that you have the associated private key.  If you do not have this, then that is a problem and you should try to clear out any previous self-signed certs issued to that server by that server and try again.

Here's a couple links for makecert:
http://www.inventec.ch/chdh/notes/14.htm
http://msdn.microsoft.com/en-us/library/bfsktky3(VS.80).aspx

For doing a lot of things using self-signed certs you won't trust them until you export (don't move) the cert (don't need the private key for this part) and then import it into the trusted root CA store (if on Vista, check the box to view physical stores).

Let's start with that and we'll take it from there.
0
 

Author Comment

by:morriss0506
ID: 22720511
I'll try and elaborate.  I am creating a page that receives a post from a third party site where site info is posted to me via hidden input.  The value posted is encrypted and a test cert was obtained by the third party in order to create a public/private key pair to decrypt the information posted.  Presently I capture the post and have installed the provided certificate.  However when I try to decrypt I get an error unable to find certificate.  Additionally when I view the certificate there is no private key associated with it.

I hope that helps, this is my first attempt working with certificates.
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 22721412
Ok, the private key missing from the cert is the key here.
Since you are getting the cert from a 3rd party, this can be done one of two different ways:
1) Standard method - create a CSR from your box and email it to the 3rd party for them to process against their CA and then they will send you back the signed certificate for you to install on the same box.  This can be done through your web hosting software, here is a generic link for instructions:
http://www.verisign.com/support/ssl-certificates-support/page_dev019431.html
(only send it to 3rd party instead of verisign, of course)  This way the private key never leaves your box.

2) 3rd party creates a certificate and installs it on their end, and then exports it into a PKCS #12 (.pfx) file which would be encrypted using a synchronous key with a password assigned to decrypt it on your end and install it.  When you get the pfx file, you would just double click it and run through the wizard supplying the password given to you.  P12 files include both the public and private keyset.  You would then also already have a backup (you could backup method #1 by exporting including private key and get your own pfx file).
0
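
The difference between receiving a bare certificate and receiving a PKCS #12 (.pfx) file, as an added example that is not part of the original thread: it creates a throwaway test certificate, exports it both ways, and shows that only the copy loaded from the .pfx can decrypt. The subject name, file paths, sample token and the choice of RSA-OAEP are assumptions (the thread does not say how the token is encrypted), and the PKI cmdlet parameters used assume Windows 10 / Server 2016 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# All names, paths and the sample token below are constructed placeholders.
$dir = Join-Path $env:TEMP 'cert-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# 1. Create a throwaway RSA key pair and certificate in the current user's store.
$cert = New-SelfSignedCertificate -Subject 'CN=TokenDecryptTest' `
    -CertStoreLocation 'Cert:\CurrentUser\My' -KeyAlgorithm RSA -KeyLength 2048 `
    -KeyExportPolicy Exportable -KeyUsage KeyEncipherment, DataEncipherment

# 2. Export it both ways: .cer holds the public key only, .pfx holds both keys.
$pfxPassword = Read-Host -AsSecureString 'Password to protect the PFX'
Export-Certificate    -Cert $cert -FilePath "$dir\test.cer" | Out-Null
Export-PfxCertificate -Cert $cert -FilePath "$dir\test.pfx" -Password $pfxPassword | Out-Null

# 3. Load each file the way a receiving application would.
$publicOnly = [X509Certificate2]::new("$dir\test.cer")
$withKey    = [X509Certificate2]::new("$dir\test.pfx", $pfxPassword)

# 4. The sender encrypts with the public key; the .cer is enough for that.
$token  = [Text.Encoding]::UTF8.GetBytes('constructed-sample-token')
$rsaPub = [RSACertificateExtensions]::GetRSAPublicKey($publicOnly)
$cipher = $rsaPub.Encrypt($token, [RSAEncryptionPadding]::OaepSHA1)

# 5. Only the certificate that was loaded with its private key can decrypt.
foreach ($c in $publicOnly, $withKey) {
    $rsa = [RSACertificateExtensions]::GetRSAPrivateKey($c)   # $null when no key
    if ($c.HasPrivateKey -and $rsa) {
        $plain = [Text.Encoding]::UTF8.GetString(
            $rsa.Decrypt($cipher, [RSAEncryptionPadding]::OaepSHA1))
        "HasPrivateKey=True  -> decrypted: $plain"
    } else {
        "HasPrivateKey=False -> cannot decrypt with a .cer; the .pfx is required"
    }
}

# 6. Remove the test certificate, its key and the exported files.
Remove-Item "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
Remove-Item $dir -Recurse -Force
```

The same `HasPrivateKey` property is what the Certificates MMC reports on the certificate's General tab.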
 

Author Comment

by:morriss0506
ID: 22779493
For those that come across this issue, I found the following link to simplify the whole process, in addition to the MSDN articles.

http://www.eggheadcafe.com/articles/20020630.asp
0
