From: Bear Giles <[EMAIL PROTECTED]>
bear> I read the description as pointing out, with some validity, that a
bear> "private" key implies there's also a public key, and public keys are
bear> published in certs. So if you have a cert, you can use the key as a
bear> private key.
bear>
bear> But without a cert, you can't use the key as a private key. But it's
bear> still usable - it can even be used similarly to any symmetric cipher
bear> key - so they just came up with a name for it.
It might be your wording, but I honestly don't get it. If you have a
private key, it's at least (I'll explain in a moment) usable as a
private key.
And also, if you look around a bit, what's often called a "private
key" out there is most often the complete key pair. The PEM files
called "private keys" in OpenSSL really hold all necessary parameters.
The same applies to the hardware stuff I've played with (most notably,
keys protected by an nCipher box). This is why I said "at least".
The public key from a pair is, as you say, stored in a certificate (as
long as we stay in the X.509 world and don't venture into PGP land
:-)), and is useful in itself for encryption and signature
verification.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
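
The following added example (not part of the original message, and not OpenSSL code) builds a constructed toy RSA key in the traditional PKCS#1 `RSA PRIVATE KEY` PEM layout and reads the public half (n, e) back out of it, illustrating the point that such a "private key" file holds the complete key pair. The function names and the toy primes are assumptions chosen for illustration; the key is far too small for real use.

```python
import base64

# Field order of PKCS#1 RSAPrivateKey (RFC 8017, appendix A.1.2).
NAMES = ("version", "n", "e", "d", "p", "q", "dP", "dQ", "qInv")

def der_len(n):
    # DER length octets: short form below 128, long form otherwise.
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def der_int(v):
    # DER INTEGER for a non-negative value (extra byte keeps the sign bit clear).
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def toy_private_key_pem(p=61, q=53, e=17):
    """Constructed toy key, encoded as a PKCS#1 RSAPrivateKey PEM."""
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    fields = [0, n, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    body = b"".join(der_int(f) for f in fields)
    der = b"\x30" + der_len(len(body)) + body
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN RSA PRIVATE KEY-----\n{b64}\n-----END RSA PRIVATE KEY-----\n"

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + length], pos + length

def parse_private_key_pem(pem):
    """Decode the PEM and return all nine RSAPrivateKey integers by name."""
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    tag, body, _ = read_tlv(base64.b64decode(b64), 0)
    values, pos = [], 0
    while pos < len(body):
        t, content, pos = read_tlv(body, pos)
        if t != 0x02:
            raise ValueError("expected INTEGER")
        values.append(int.from_bytes(content, "big"))
    if tag != 0x30 or len(values) != len(NAMES):
        raise ValueError("not a PKCS#1 RSAPrivateKey")
    return dict(zip(NAMES, values))

def public_from_private(pem):
    """The public half (n, e) is read straight out of the 'private key' file."""
    key = parse_private_key_pem(pem)
    return key["n"], key["e"]
```

A value signed with `d` from the parsed file verifies against the `(n, e)` returned by `public_from_private`, with no certificate involved.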