Reputation: 11471
Using public key in asymmetric encryption with X.509 certificates
Sometimes ago I've read an article about using asymmetric keys like public and private keys to send data securely. What I've understood was that the server has 1 key (private key) that it use to encrypt data and all clients use the second key (public key) to decrypt it.
Now how should I expect to receive the key and how should I work with?
If I receive a Certificate from the server, wouldn't it contain both public and private keys?!
X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
var cert = GetCertificate(certStore);
var privatekey= cert.PrivateKey;
var publicKey= cert.PublicKey;
Is it possbile to remove the private key from the certificate? How? and how can I understand if the certificate has the private key?
Upvotes: 2
Views: 1667
Answers (2)
Reputation: 952
First a little bit of clarification:
In Public-key cryptography the public key is used to encrypt the data and the private key is used (by the server) to decrypt the data.
The owner of the private key stores private key and only shares a public key. Any certificate from a server should contain only a public key. (It would be a big security issue if the certificate contains the private Key. You could decrypt the messages from any other user)
To check if the cerificate has a private key you can use the HasPrivateKey-Property
cert.HasPrivateKey;
And to get a certificate with only the public key you can use:
byte[] bytes = cert.Export(X509ContentType.Cert);
var publicCert = new X509Certificate2(bytes);
Upvotes: 2
Reputation: 48230
If I receive a Certificate from the server, wouldn't it contain both public and private keys?!
No, not necessarily.
There are two different ways of obtaining the certificate
- PKCS#7/PEM - the file usually contains only the public part of the certificate
- PKCS#12/PFX - the store contains certificates with private keys
Is it possbile to remove the private key from the certificate?
By exporting it to a format that lets you store only the public part of the certificate.
Open a web browser, navigate to any site that uses SSL.
Now click the lock icon and, from there, the certificate information. What you have at the client side (in the browser) is the certificate without the private key. You can save it and even import into the system cert store but still without the private key.
and how can I understand if the certificate has the private key?
If you load it with your C# code, accessing the HasPrivateKey property will be true only for certs with private keys available.
Upvotes: 1
Related Questions
- Associate a private key with the X509Certificate2 class in .net
- Associating an X509Certificate2 certificate with a private key in .NET
- Encrypting the X509Certificate public Key
- Read RSA Public Key from x509 Certificate Bytes in C#
- Using a X509 certificate for decryption
- Encrypt data with X509 certificate's private key in UWP
- Construct RSACryptoServiceProvider from public key (not certificate)
- C# Decryption with X.509 certificate without private key
- Encryption with certificate
- How to do asymmetric encryption with X509 certificates and C#?