Your question makes no sense. If you know PK1 (contained in C1), and you know K1, then if you receive C2 that contained PK1, you know that someone's trying to make you think you're talking to yourself. (Nobody else can, by the rules of PKI, have K1 but you -- which is why the challenge/response protocol exists, to prove that you are who you say you are. If the asserter of the identity contained in C2 can also prove that it knows the private key K1 -- which it would have to if that other certificate contained PK1 -- then you know you *are* talking to either yourself or someone who somehow got your private key, which should be disturbing if you aren't expecting it.)
But, if you simply want to know if it's possible to prove that two public keys are identical by byte-comparison, you would either have to extract the public key from the subjectPublicKey portion of the certificate in the format that your own system would understand before you could do that kind of byte comparison, or byte-compare the DER-encoded keys from the certificates themselves.

-Kyle H

On Tue, Jul 20, 2010 at 11:40 AM, PS <mytechl...@gmail.com> wrote:
> Let us say I have a certificate and a private key pair (C1, K1)
> Now, let's say I received a Certificate, C2 on the wire. Now, I want to know
> whether the pvt-key K1 corresponds to the private key of C2. One method is
> encrypt a Known random number with pub-key in C2 and decrypt with K1 and see
> if the number is same. But this is expensive.
> I thought of another method and wanted to know if this is correct:
> Do a byte-for-byte compare of the pub-key in C1 with that of C2. If they are
> same, then we can assume that K1 must be the private-key of C2. Am I
> correct?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
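The two checks discussed in this thread, as an added Go example using only the standard library (not code from the original posts or from OpenSSL): a byte comparison of the DER-encoded SubjectPublicKeyInfo of two certificates, and a comparison of a private key's public half against a certificate's key. `NewKey`, `SelfSigned` and the Ed25519 test keys and certificates are constructed for the illustration.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SameSPKI byte-compares the DER SubjectPublicKeyInfo taken from each certificate.
func SameSPKI(c1, c2 *x509.Certificate) bool {
	return bytes.Equal(c1.RawSubjectPublicKeyInfo, c2.RawSubjectPublicKeyInfo)
}

// KeyMatchesCert compares parsed key values, so it does not depend on the encoding.
func KeyMatchesCert(k crypto.Signer, cert *x509.Certificate) bool {
	pub, ok := k.Public().(interface{ Equal(crypto.PublicKey) bool })
	return ok && pub.Equal(cert.PublicKey)
}

// NewKey derives a constructed, deterministic test key from a one-byte seed (hypothetical helper).
func NewKey(seed byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, 32)) }

// SelfSigned issues a constructed self-signed certificate for k (hypothetical helper).
func SelfSigned(k ed25519.PrivateKey, cn string) *x509.Certificate {
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(now.UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, k.Public(), k)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func main() {
	k1 := NewKey(1) // plays the role of K1; c1 is C1, c2 and c3 are candidate C2s
	c1, c2, c3 := SelfSigned(k1, "c1"), SelfSigned(k1, "c2"), SelfSigned(NewKey(2), "c3")
	fmt.Println(SameSPKI(c1, c2), KeyMatchesCert(k1, c2)) // true true: same key pair
	fmt.Println(SameSPKI(c1, c3), KeyMatchesCert(k1, c3)) // false false: different key
}
```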