Well, think of the device as a proxy which acts as the client to the server
and as the server to the client. Hence, the proxy is configured with the same
public key and private key as the server so that it can act as the
server to the clients. But before it starts to do that, I want to make sure
that the server is using the exact same pub/pvt key pair as the one
configured on the proxy. Hence the question.

So, given your response, I take it that if I compare the Pub-key in C2
(which came on the wire) with the Pub-key in C1, then I can indirectly infer
that the private-key corresponding to C1 and C2 is the same. In other words,
if the pub-key for 2 certs match, then they must have the same private-key.

On Tue, Jul 20, 2010 at 10:41 PM, Kyle Hamilton <aerow...@gmail.com> wrote:

> Your question makes no sense.
>
> If you know PK1 (contained in C1), and you know K1, then if you
> receive C2 that contained PK1, you know that someone's trying to make
> you think you're talking to yourself.  (Nobody else can, by the rules
> of PKI, have K1 but you -- which is why the challenge/response
> protocol exists, to prove that you are who you say you are.  If the
> asserter of the identity contained in C2 can also prove that it knows
> the private key K1 -- which it would have to if that other certificate
> contained PK1 -- then you know you *are* talking to either yourself or
> someone who somehow got your private key, which should be disturbing
> if you aren't expecting it.)
>
> But, if you simply want to know if it's possible to prove that two
> public keys are identical by byte-comparison, you would either have to
> extract the public key from the subjectPublicKey portion of the
> certificate in the format that your own system would understand before
> you could do that kind of byte comparison, or byte-compare the
> DER-encoded keys from the certificates themselves.
>
> -Kyle H
>
> On Tue, Jul 20, 2010 at 11:40 AM, PS <mytechl...@gmail.com> wrote:
> > Let us say I have a certificate and a private key pair (C1, K1).
> > Now, let's say I received a certificate, C2, on the wire. Now, I want to
> > know whether the pvt-key K1 corresponds to the private key of C2. One
> > method is to encrypt a known random number with the pub-key in C2 and
> > decrypt it with K1 and see if the number is the same. But this is expensive.
> > I thought of another method and wanted to know if this is correct:
> > Do a byte-for-byte compare of the pub-key in C1 with that of C2. If they
> > are the same, then we can assume that K1 must be the private-key of C2.
> > Am I correct?
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>
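The check discussed in this thread, written out as an added example (it is not code from the thread or from the OpenSSL project): instead of the trial encrypt/decrypt that PS describes, derive the public half of K1, take the public key carried in C2, and byte-compare the two DER-encoded SubjectPublicKeyInfo structures, which is the second option in Kyle's reply. The script assumes the openssl command-line tool is installed; the key and certificate files (k1.pem, c1.pem, c2.pem, c3.pem) are throwaway fixtures it generates itself, so nothing real is needed to run it.

```shell
#!/bin/sh
# Added example: does private key K1 correspond to the public key in cert C2?
# Method: hash the DER-encoded SubjectPublicKeyInfo derived from K1 and the one
# extracted from C2; equal DER bytes mean the same public key (algorithm
# identifier, parameters and key material all included).
# Assumes the openssl CLI is on PATH. All file names below are constructed.

set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# SHA-256 over the DER SubjectPublicKeyInfo derived from a private key file.
spki_of_key() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 over the DER SubjectPublicKeyInfo carried inside a certificate.
spki_of_cert() {
    openssl x509 -in "$1" -pubkey -noout | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit status 0 when the private key's public half equals the cert's key.
key_matches_cert() {
    [ "$(spki_of_key "$1")" = "$(spki_of_cert "$2")" ]
}

# Constructed fixtures: K1 with its own cert C1, a second cert C2 issued on the
# same key (the case the proxy expects from the server), and C3 issued on a
# different key (what a misconfigured server would present).
make_fixtures() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/k1.pem" 2>/dev/null
    openssl req -x509 -new -key "$WORK/k1.pem" -subj "/CN=server" -days 1 -out "$WORK/c1.pem" 2>/dev/null
    openssl req -x509 -new -key "$WORK/k1.pem" -subj "/CN=server-reissued" -days 1 -out "$WORK/c2.pem" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/k3.pem" 2>/dev/null
    openssl req -x509 -new -key "$WORK/k3.pem" -subj "/CN=server" -days 1 -out "$WORK/c3.pem" 2>/dev/null
}

make_fixtures
for c in c1 c2 c3; do
    if key_matches_cert "$WORK/k1.pem" "$WORK/$c.pem"; then
        echo "$c: public key matches K1"
    else
        echo "$c: public key does NOT match K1"
    fi
done
```

Hashing the DER output is only a convenience for comparing in shell; the comparison is still a byte-for-byte one over the full SubjectPublicKeyInfo, not just the key material. What the check establishes is limited to what Kyle describes: the proxy learns that the certificate it saw on the wire carries the same public key it holds K1 for. Whether the peer that presented the certificate actually possesses the private key is proven by the handshake, not by this comparison.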
