----------------------------------------------------------- New Message on BDOTNET
-----------------------------------------------------------
From: Nasha
Message 1 in Discussion

Hey Group,

Today we look into creating software digital certificates, but before we take the plunge into that, we will look at certain aspects of cryptography.

Cryptography is about keys for encryption. These keys can be symmetric or asymmetric. When we say symmetric keys, what we mean is that the same key is used for encryption and decryption. In the case of asymmetric keys there are different keys for encryption and decryption, like the public key and the private key; e.g. if something is encrypted with the private key then it can be decrypted with the public key, and vice versa. These keys are always created as a "key pair". Generally the public key is given to everyone and the private key is kept safely with oneself.

.NET provides us with a utility called makecert.exe to create X.509 test certificates. Now the most obvious question that comes to mind is: what are these X.509 certificates and what is their relation to cryptography? Well, an X.509 certificate is a certificate issued by Certification Authorities like Verisign etc. which holds the public key. This certificate ensures that the digital certificate actually belongs to the organisation you trust and not any other third party. This concept was not introduced with .NET; in fact it has been used for quite some time to sign ActiveX controls. In .NET these certificates can be used to sign assemblies so that the client who is using these assemblies is sure of their source.

You can find more details of how to go about using X.509 certificates in .NET through code under the System.Security.Cryptography.X509Certificates namespace.

You can go to the VS.NET command prompt and type makecert.exe; this will show all the options. To view the basic options use the -? option, and to view the extended options use -!.

Some of the important options are:

    -sk <keyName>     Subject's key container name; To be created if not present
    -ss <store>       Subject's certificate store name that stores the output certificate
    -sr <location>    Subject's certificate store location. <CurrentUser|LocalMachine>. Default to 'CurrentUser'
    -n  <X509name>    Certificate subject X500 name (eg: CN=Fred Dews)
    -sv <pvkFile>     Subject's PVK file; To be created if not present
    -b  <mm/dd/yyyy>  Start of the validity period; default to now.
    -e  <mm/dd/yyyy>  End of validity period; defaults to 2039
    -r                Create a self signed certificate

Let us create our certificate. To create a certificate, it has to be issued to an authority; e.g. here we are creating a certificate for a company called MyComp Technologies. We want the certificate that is created to be stored in our personal certificate store on our machine, hence we give the option -ss with the value my. Along with that we also want to create a key container for the certificate called MyCompCont. Finally our command will be

    makecert -sk MyCompCont -ss my -n "CN=MyComp Technologies" MyComp.cer

This command will create a certificate and install it in the Personal certificate store on your machine for the current user, and also create a key container named MyCompCont to store your public and private keys.

You can also use the -sv option to create a .pvk file to store your private key. If you do this, then please be careful not to leave your private key anywhere: your key must be immediately backed up and deleted from your machine, else anyone can use it easily.

You can view the store from the Microsoft Management Console (mmc.exe). Run mmc.exe. Select the Add/Remove Snap-in option and select Certificate from the list of snap-ins. Then you will be presented with a choice between MyUserAccount, Computer Account etc. Select MyUserAccount and add the snap-in. Then re-select the Certificate snap-in, and this time select the Computer Account option.
Select your local machine in the wizard options. Thus you now have both Certificate (Local Computer) and Certificate for Current User in your MMC console. Check out the Personal store for Current User. The Certificates folder under it will contain the certificate.

If you want to create a certificate for any user on the local machine, then use the "-sr LocalMachine" option:

    makecert -sk MyCompCont -ss my -n "CN=MyComp Technologies" MyComp.cer -sr LocalMachine

Similarly, you will find the certificate created in the Personal store under Certificates for the local machine.

The certificate file created by either of the above commands is stored at the path from which the exe was executed in the VS.NET command prompt. Go to the respective folder and check out your certificate file, i.e. MyComp.cer.

--
Please post your queries and comments for my articles in the usergroup for the benefit of all. I hope this step from my end is helpful to all of us.

Regards,
Namratha (Nasha)
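
Added example, not part of the original message: a C# check using the System.Security.Cryptography.X509Certificates namespace that looks for the certificate in the Personal store of both locations and reports whether a private key is attached. The class name FindMyCompCert is hypothetical; the subject name is the one from the makecert commands in the message.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

class FindMyCompCert // hypothetical class name
{
    // Subject name passed to makecert with -n in the message.
    const string SubjectDn = "CN=MyComp Technologies";

    static void Main()
    {
        // Default location (CurrentUser) and the "-sr LocalMachine" variant.
        Report(StoreLocation.CurrentUser);
        Report(StoreLocation.LocalMachine);
    }

    static void Report(StoreLocation location)
    {
        // StoreName.My is the Personal store that "-ss my" writes to.
        X509Store store = new X509Store(StoreName.My, location);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly = false: also return certificates that fail chain validation.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectDistinguishedName, SubjectDn, false);
            Console.WriteLine("{0}\\My: {1} certificate(s) for {2}",
                location, found.Count, SubjectDn);

            foreach (X509Certificate2 cert in found)
            {
                Console.WriteLine("  Thumbprint : {0}", cert.Thumbprint);
                Console.WriteLine("  Issuer     : {0}", cert.Issuer);
                Console.WriteLine("  Valid      : {0:d} to {1:d}", cert.NotBefore, cert.NotAfter);
                // True when the store entry is linked to a private key (here in MyCompCont).
                Console.WriteLine("  Private key: {0}", cert.HasPrivateKey);
                // False when the chain cannot be validated (untrusted root, expired, revoked).
                Console.WriteLine("  Chain valid: {0}", cert.Verify());
            }
        }
        finally
        {
            store.Close();
        }
    }
}
```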
