working with windows certs x.509 and private keys



I guess this is something i don't work with alot and i need to get it in my head. Hence this post.

Assumption : in this post i am using dotnetcore to encrypt and decrypt a jwt token. (using jose jwt library).

By design x.509 certificates contains only public key. private key are not stored in x.509. By design, public key are stored because it is presented to other external parties. Public key normally comes with extension ".cer", while private keys file ends with ".pfx" (private keys).

For a developer, it is essential understand the followings :-

a) where you store or getting certificates from - you could be installing your certs to your local certificate repository - that is accessible to you only, local machine - accessible to more users or service account.

You can goto mmc-> Add/remove snap-in -> Certificates ->




Two steps installation process. first we install our public x.509 cer and then private keys. For info, please click here.

b) Getting your certificate from store (your account, service account or computer account) with the example code here :-




c) Encrypt and De-crypt





Hopefully the workflow is clear

Comments

Post a Comment

Popular posts from this blog

The specified initialization vector (IV) does not match the block size for this algorithm

Image
If you're getting  exception when trying to assigned key to a symmetric key and getting error message below :- The specified initialization vector (IV) does not match the block size for this algorithm And your code probably look like something below :- Then you need to go into debug mode and start looking into the supported size for IV as shown in diagram below :- As you can see, IV is 16 bytes, so you need to provide 16 bytes. The same goes for Key field too, if you're adding anything to it. As long as you provide a valid key size, then we're good and you're code will be ready.
Read more