santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arshad Noor <arshad.n...@strongauth.com>
Subject Re: FW:
Date Tue, 05 Jan 2010 14:52:57 GMT
Not with well-behaved software that conform to PKIX standards.

Signing keys are meant to only sign objects, while "Exchange"
keys are meant for encryption/decryption.  That is the reason
why decryption works with the first, but not with the second.

Arshad Noor
StrongAuth, Inc.

Bolcina Ivan wrote:
> Hi.
> 
> I have a encrypted xml.
> 
>  
> 
> I managed to decrypt xml with this key
> 
> Alias=|Tomaz 3 Grenko's Encryption Certificate|
> 
>   is certificate=|CN=Tomaz 3 Grenko, O=TestCA, C=si
> 
>   is private key=|true
> 
>   key=RSAPrivateKey [size=2048 bits, type=*Exchange*, 
> container=4|3|1|0|X8AQID1iQeev7AsBo6NoVQ==]
> 
>   key.algorithm=RSA
> 
>   key.format=null
> 
>  
> 
> but not with this.
> 
>  
> 
> Alias=|Tomaz 3 Grenko's Verification Certificate|
> 
>   is certificate=|CN=Tomaz 3 Grenko, O=TestCA, C=si
> 
>   is private key=|true
> 
>   key=RSAPrivateKey [size=2048 bits, type=*Signature*, 
> container=4|3|2|0|X8AQID1iQeev7AsBo6NoVQ==]
> 
>   key.algorithm=RSA
> 
>   key.format=null
> 
>  
> 
> I noticed that key type is different. Key is in both cases stored on 
> smartcard, that is accessed via SUN MSCAPI provider.
> 
>  
> 
> Is it theoretically even possible to decrypt using second key?
> 
>  
> 
> Thanks in advance,
> 
> ivan
> 

Mime
View raw message