> 2) How can I get the private key from certificate?
I will answer this question, because it shows you have a basic concept
wrong.
The private key is not on the certificate; it never is. You cannot
determine the private key from the public key; you never can. If either
of those two statements is wrong, then PKI is "broken" and insecure.
You mentioned smartcards. The private key (almost definitely) never
leaves the smartcard. If you encrypt with the public key, you will have
to ask the smartcard to decrypt; you will also need the smartcard to
sign, and then anyone with the public key or certificate can verify. PK
signing and encryption are the same math, different keys.
/r$
--
Zolera Systems, Securing web services (XML, SOAP, Signatures,
Encryption)
http://www.zolera.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
