Hello,
I'm new to cryptography and I would just like to check that I'm doing
the right thing when signing an XML file. I've got a PKCS#12
certificate (created using OpenSSL) which I'm loading into an
X509Certificate2 object. I get the private key out of that object to
sign with, and I include the certificate in the KeyInfo object.
However, as both the private and public key are stored in the same
certificate file, doesn't this mean that I'm including the private
key? And isn't that A Very Bad Thing? As I said, I'm new to this so
don't fully understand the way it should be done.
If this is the way to go forwards, can I strip out the private key
from the certificate before including it? Or is there another way of
doing this?
Any help is much appreciated.
Thanks,
AK
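The procedure described in the post above, as an added example that is not part of the original post: it signs a document with the key from a PKCS#12 bundle, places the certificate in KeyInfo via KeyInfoX509Data, then reloads the embedded `<X509Certificate>` value to check whether it carries a private key. Assumptions: .NET with the System.Security.Cryptography.Xml package, and a constructed self-signed certificate and password standing in for the OpenSSL-generated PKCS#12 file.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

class SignXmlExample
{
    static void Main()
    {
        // Constructed stand-in for the PKCS#12 file: a throwaway self-signed
        // certificate exported to PFX bytes and loaded back, so this runs offline.
        using RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=Constructed Test Signer", rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 selfSigned = req.CreateSelfSigned(
            DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        byte[] pfx = selfSigned.Export(X509ContentType.Pfx, "constructed-password");
        using var cert = new X509Certificate2(pfx, "constructed-password");

        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order><item>constructed sample</item></order>");

        // The private key is used only to compute the signature value.
        var signedXml = new SignedXml(doc) { SigningKey = cert.GetRSAPrivateKey() };
        var reference = new Reference { Uri = "" };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);

        // KeyInfoX509Data writes the DER-encoded certificate into <X509Certificate>.
        var keyInfo = new KeyInfo();
        keyInfo.AddClause(new KeyInfoX509Data(cert));
        signedXml.KeyInfo = keyInfo;

        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));

        // Check what a recipient actually receives: reload the embedded certificate.
        XmlNode node = doc.GetElementsByTagName("X509Certificate")[0];
        using var embedded = new X509Certificate2(Convert.FromBase64String(node.InnerText));
        Console.WriteLine($"Loaded PKCS#12 has private key:   {cert.HasPrivateKey}");
        Console.WriteLine($"Embedded certificate has private: {embedded.HasPrivateKey}");

        // Verification needs only the public key carried in the embedded certificate.
        var verifier = new SignedXml(doc);
        verifier.LoadXml((XmlElement)doc.GetElementsByTagName("Signature")[0]);
        Console.WriteLine($"Signature verifies: {verifier.CheckSignature(embedded, true)}");
    }
}
```

`CheckSignature(embedded, true)` checks the signature value only; a relying party would also validate the certificate chain and decide whether it trusts the signer.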