Quantcast

Export .p12 private key from IIS certificate?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Export .p12 private key from IIS certificate?

Matt W Pawuk

I have a certificate in IIS.  I've given our client the public key to encrypt the package they are sending us.  I can export a .pfx file through IIS which contains the private key but can't seem to figure out how to export the private key only.  

Anyone have any tips?

Thanks,
Matt

**************************************************************************************
This communication is intended solely for the addressee and is
confidential. If you are not the intended recipient, any disclosure,
copying, distribution or any action taken or omitted to be taken in
reliance on it, is prohibited and may be unlawful. Unless indicated
to the contrary: it does not constitute professional advice or
opinions upon which reliance may be made by the addressee or any
other party, and it should be considered to be a work in progress.
**************************************************************************************
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Export .p12 private key from IIS certificate?

Arshad Noor
Why would you want to export the Private Key by itself, Matt?  The
recommended and secure method of transporting Private Keys are to
export them as PKCS#12 (PFX) files.

If you're trying to get the Private Key into a different application
to decrypt the encrypted package your client is sending you, you
either need to import the PFX into that application, or have that
application use the PFX file directly to decrypt the package.

Arshad Noor
StrongAuth, Inc.

Matt W Pawuk wrote:

> I have a certificate in IIS.  I've given our client the public key to
> encrypt the package they are sending us.  I can export a .pfx file
> through IIS which contains the private key but can't seem to figure out
> how to export the private key only.  
>
> Anyone have any tips?

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Export .p12 private key from IIS certificate?

Matt W Pawuk

Arshad,

Can bouncycastle just use the pfx file then?  The function I'm using currently looks like the following:  How would I use a pfx file in place of the p12 file on the first line?


public AsymmetricKeyParameter GetPrivateKey()
    {
        Stream inStr = new FileStream("C:\\path_to_private_key_directory\\keyfile.p12", FileMode.Open, FileAccess.Read, FileShare.Read, 1024);
        char[] password = {''p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
        Pkcs12Store p12 = new Pkcs12Store(inStr, password);
        AsymmetricKeyParameter privKey = p12.GetKey("keyname").Key;
        return privKey;
    }





Arshad Noor <[hidden email]>

07/14/2008 07:03 PM

To
Matt W Pawuk <[hidden email]>
cc
[hidden email], [hidden email]
Subject
Re: [dev-crypto] Export .p12 private key from IIS certificate?





Why would you want to export the Private Key by itself, Matt?  The
recommended and secure method of transporting Private Keys are to
export them as PKCS#12 (PFX) files.

If you're trying to get the Private Key into a different application
to decrypt the encrypted package your client is sending you, you
either need to import the PFX into that application, or have that
application use the PFX file directly to decrypt the package.

Arshad Noor
StrongAuth, Inc.

Matt W Pawuk wrote:

> I have a certificate in IIS.  I've given our client the public key to
> encrypt the package they are sending us.  I can export a .pfx file
> through IIS which contains the private key but can't seem to figure out
> how to export the private key only.  
>
> Anyone have any tips?



**************************************************************************************
This communication is intended solely for the addressee and is
confidential. If you are not the intended recipient, any disclosure,
copying, distribution or any action taken or omitted to be taken in
reliance on it, is prohibited and may be unlawful. Unless indicated
to the contrary: it does not constitute professional advice or
opinions upon which reliance may be made by the addressee or any
other party, and it should be considered to be a work in progress.
**************************************************************************************
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Export .p12 private key from IIS certificate?

Arshad Noor
A PFX file is a PKCS#12 file, Matt; so you would replace the name
of the P12 file with the PFX file and use exactly the same code
you need to work with it:

   FileStream("C:\\path_to_private_key_directory\\keyfile.pfx",

While I have not used a PFX file with a Java program (I tend to
work with P12 files only), I found this Technet article on MSDN
which refers to the PFX as P12 within MS literature.

http://technet2.microsoft.com/windowsserver/en/library/5f06e6e3-22dc-460a-9ea3-33d6f6aa72871033.mspx?mfr=true

I'm sure you'll find others; good luck.

Arshad

Matt W Pawuk wrote:

>
> Arshad,
>
> Can bouncycastle just use the pfx file then?  The function I'm using
> currently looks like the following:  How would I use a pfx file in place
> of the p12 file on the first line?
>
>
> public AsymmetricKeyParameter GetPrivateKey()
>     {
>         Stream inStr = new
> FileStream("C:\\path_to_private_key_directory\\keyfile.p12",
> FileMode.Open, FileAccess.Read, FileShare.Read, 1024);
>         char[] password = {''p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
>         Pkcs12Store p12 = new Pkcs12Store(inStr, password);
>         AsymmetricKeyParameter privKey = p12.GetKey("keyname").Key;
>         return privKey;
>     }
>
>
>
>
>
> *Arshad Noor <[hidden email]>*
>
> 07/14/2008 07:03 PM
>
>
> To
> Matt W Pawuk <[hidden email]>
> cc
> [hidden email], [hidden email]
> Subject
> Re: [dev-crypto] Export .p12 private key from IIS certificate?
>
>
>
>
>
>
>
>
> Why would you want to export the Private Key by itself, Matt?  The
> recommended and secure method of transporting Private Keys are to
> export them as PKCS#12 (PFX) files.
>
> If you're trying to get the Private Key into a different application
> to decrypt the encrypted package your client is sending you, you
> either need to import the PFX into that application, or have that
> application use the PFX file directly to decrypt the package.
>
> Arshad Noor
> StrongAuth, Inc.
>
> Matt W Pawuk wrote:
>
>  > I have a certificate in IIS.  I've given our client the public key to
>  > encrypt the package they are sending us.  I can export a .pfx file
>  > through IIS which contains the private key but can't seem to figure out
>  > how to export the private key only.  
>  >
>  > Anyone have any tips?
>
>
>
> **************************************************************************************
> This communication is intended solely for the addressee and is
> confidential. If you are not the intended recipient, any disclosure,
> copying, distribution or any action taken or omitted to be taken in
> reliance on it, is prohibited and may be unlawful. Unless indicated
> to the contrary: it does not constitute professional advice or
> opinions upon which reliance may be made by the addressee or any
> other party, and it should be considered to be a work in progress.
> **************************************************************************************
>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Export .p12 private key from IIS certificate?

Matt W Pawuk

Great, your help is much appreciated Arshad.

Matt



Arshad Noor <[hidden email]>

07/16/2008 07:55 PM

To
Matt W Pawuk <[hidden email]>
cc
[hidden email]
Subject
Re: [dev-crypto] Export .p12 private key from IIS certificate?





A PFX file is a PKCS#12 file, Matt; so you would replace the name
of the P12 file with the PFX file and use exactly the same code
you need to work with it:

  FileStream("C:\\path_to_private_key_directory\\keyfile.pfx",

While I have not used a PFX file with a Java program (I tend to
work with P12 files only), I found this Technet article on MSDN
which refers to the PFX as P12 within MS literature.

http://technet2.microsoft.com/windowsserver/en/library/5f06e6e3-22dc-460a-9ea3-33d6f6aa72871033.mspx?mfr=true

I'm sure you'll find others; good luck.

Arshad

Matt W Pawuk wrote:
>
> Arshad,
>
> Can bouncycastle just use the pfx file then?  The function I'm using
> currently looks like the following:  How would I use a pfx file in place
> of the p12 file on the first line?
>
>
> public AsymmetricKeyParameter GetPrivateKey()
>     {
>         Stream inStr = new
> FileStream("C:\\path_to_private_key_directory\\keyfile.p12",
> FileMode.Open, FileAccess.Read, FileShare.Read, 1024);
>         char[] password = {''p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
>         Pkcs12Store p12 = new Pkcs12Store(inStr, password);
>         AsymmetricKeyParameter privKey = p12.GetKey("keyname").Key;
>         return privKey;
>     }
>
>
>
>
>
> *Arshad Noor <[hidden email]>*
>
> 07/14/2008 07:03 PM
>
>                  
> To
>                  Matt W Pawuk <[hidden email]>
> cc
>                  [hidden email], [hidden email]
> Subject
>                  Re: [dev-crypto] Export .p12 private key from IIS certificate?
>
>
>                  
>
>
>
>
>
> Why would you want to export the Private Key by itself, Matt?  The
> recommended and secure method of transporting Private Keys are to
> export them as PKCS#12 (PFX) files.
>
> If you're trying to get the Private Key into a different application
> to decrypt the encrypted package your client is sending you, you
> either need to import the PFX into that application, or have that
> application use the PFX file directly to decrypt the package.
>
> Arshad Noor
> StrongAuth, Inc.
>
> Matt W Pawuk wrote:
>
>  > I have a certificate in IIS.  I've given our client the public key to
>  > encrypt the package they are sending us.  I can export a .pfx file
>  > through IIS which contains the private key but can't seem to figure out
>  > how to export the private key only.  
>  >
>  > Anyone have any tips?
>
>
>
> **************************************************************************************
> This communication is intended solely for the addressee and is
> confidential. If you are not the intended recipient, any disclosure,
> copying, distribution or any action taken or omitted to be taken in
> reliance on it, is prohibited and may be unlawful. Unless indicated
> to the contrary: it does not constitute professional advice or
> opinions upon which reliance may be made by the addressee or any
> other party, and it should be considered to be a work in progress.
> **************************************************************************************
>




**************************************************************************************
This communication is intended solely for the addressee and is
confidential. If you are not the intended recipient, any disclosure,
copying, distribution or any action taken or omitted to be taken in
reliance on it, is prohibited and may be unlawful. Unless indicated
to the contrary: it does not constitute professional advice or
opinions upon which reliance may be made by the addressee or any
other party, and it should be considered to be a work in progress.
**************************************************************************************
Loading...