[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FW: PKCS#12 file containing 2 certificates.

Title: FW: PKCS#12 file containing 2 certificates.

-----Original Message-----
From: Colestock, Robert
Sent: Wednesday, August 15, 2001 9:33 AM
To: Pawling, John; 'William.Adams'
Subject: RE: PKCS#12 file containing 2 certificates.


Sorry, I did not know that PKCS12 could even contain 2 private keys.  At this time it is not possible in the CTIL design to allow 2 different private keys.  For RSA only, it is possible to sign and encrypt, but it is not possible for us to maintain 2 different private keys (DSA to sign, RSA to encrypt).  The best solution is to produce 2 PKCS12 files, each with their own respective private keys and create 2 different CTIL logins.

Also, the PKCS12 logic has not been fully implemented, I do ignore any certificates beyond the first.  This will be fixed in the future.  The intent is to allow the PCKS12 files to contain a full certificate path, not to allow 2 different private keys.

If you must handle 2 private keys in 1 PKCS12 file, I can investigate changing the CTIL PKCS12 logic (from open-ssl) to allow the input parameters to specify which PKCS12 private key to use.  This will still require 2 CTILs, but allow you to use a single PKCS12 file for both logins.

Bob Colestock

-----Original Message-----
From: William Adams [mailto:William.Adams@xxxxxxxxxxx]
Sent: Tuesday, August 14, 2001 6:30 AM
To: SFL List (E-mail)
Subject: RE: PKCS#12 file containing 2 certificates.

Not sure why that last one was empty so here is the question.

I have a PKCS#12 file that contains two certificates. One is for signing
using DSA and the other is for Encrypting using RSA. I would like to be able
to use just this one file but there seems to be a problem in that the
parameters for the DSA do not get stored when at Logon. this seems to be
because the "AddLoginStatic" function which stores the parameters, via
"GetParamsAndY", is only called for the first certificate in the file, which
is the RSA one. the other problem is that there are two different private
keys in the pkcs#12 file but only one is read in and stored.

Is it possible to do this or will I have to create two instances, one for
the signing certificate & key, and one for the encryption certificate & key?


William Adams
Software Engineer
Tel:  +44 115 9535536
Fax: +44 115 9520519