Re: Encryption Problem




Thanks Hernan,
When I tried encrypting a message using a Public Cert for which I could not
possibly access the private cert (another staff member in a far off location)
the encryption works as expected.

I guess there must be some issues with Microsoft's Certificate Store or
myself not deleting keys correctly. Any ideas what I may be doing wrong? I
usually just go into Certificate Store through mmc and delete the private
certificates from there using right-click->delete.

Cheers
John

"Hernan de Lahitte" wrote:

> As you rightly stated, you need only the public key to encrypt the message and
> the private key associated to that public key to decrypt that message. I
> would suggest you verify if you don't have a private key installed on
> your server testing machine. Try with some certificate that you never
> installed on that machine and send the encrypted message from another
> machine so you may be sure that on the server side you are not using the
> private key associated to the public key you are using to encrypt on the
> client side.
>
> --
> Hernan de Lahitte
> http://clariusconsulting.net/hdl
>
> "John Wieland" <John Wieland@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:AAC82CE8-C477-4B1E-B902-3A985CE65798@xxxxxxxxxxxxxxxx
> > Hi,
> > I'm working on a small client/server application which communicates using
> > SOAP messages secured by the new WSE2.0 Encryption and Digital Signature.
> >
> > I've been finding that when I send a message encrypted with someone's
> > public key that the other end can then decrypt the message with only the
> > public key certificate present in the certificate store. If the
> > certificate with the public key is not present in the certificate store
> > then the message is rejected. As soon as I install the certificate which
> > only has the public key in it to the certificate store the message is
> > decrypted and allowed through the SOAP filters.
> >
> > This is a pretty big problem as public certificates are intended to be
> > just that, "Public", and be publicly available by some means. So what good
> > is encrypting a message if anyone with the public certificate is able to
> > decrypt it? Is there a setting I am not aware of?
> >
> > Thanks
> > John Wieland jwieland@xxxxxxxxxxxxx
>
>
>
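
One way to run the check suggested in this thread, namely whether the test machine still holds a private key for the certificate being used, shown as an added example that is not part of the original posts. The list of stores and the `$SubjectFilter` parameter are assumptions; adjust them to the stores your service account actually reads.

```powershell
# Added example (not from the thread): list certificates in the common
# Windows stores and show which ones still have an associated private key.
param(
    # Hypothetical filter, e.g. '*CN=Test Recipient*'; '*' matches everything.
    [string]$SubjectFilter = '*'
)

# Assumed set of stores to inspect: "Personal" (My) and "Other People"
# (AddressBook) for both the current user and the local machine.
$stores = 'Cert:\CurrentUser\My', 'Cert:\CurrentUser\AddressBook',
          'Cert:\LocalMachine\My', 'Cert:\LocalMachine\AddressBook'

$report = foreach ($store in $stores) {
    if (-not (Test-Path $store)) { continue }   # skip stores that do not exist
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like $SubjectFilter } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                # True when the store entry is linked to a private key
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

# Full listing: a "public only" certificate should show HasPrivateKey = False.
$report | Sort-Object Subject, Store | Format-Table -AutoSize

# Flag certificates that appear in several stores where at least one copy
# still carries a private key; that copy would explain successful decryption.
$report | Group-Object Thumbprint |
    Where-Object { $_.Count -gt 1 -and ($_.Group.HasPrivateKey -contains $true) } |
    ForEach-Object {
        Write-Warning ("Thumbprint {0} is present in {1} stores and at least one copy has a private key" -f
            $_.Name, $_.Count)
        $_.Group | Format-Table Store, HasPrivateKey -AutoSize
    }
```

Run it under the same account the receiving service uses, since the current-user stores differ per account.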