On 27 December 2011 17:26, Tom Gao <[email protected]> wrote:
>
> Are you saying that I can’t implement AES with x.509 ?
>

I don't think you can. AES is a symmetrical encryption algorithm, meaning the same encryption key is used for encryption and decryption. The point of X.509 (or more specifically PKI) is so the recipient can verify/decrypt the private-key encrypted message using only publicly known knowledge (the public key). The private key needs to remain private so the recipient cannot masquerade as the sender. Therefore there has to be two keys, and both need to be used in order to encrypt, then decrypt the message. You cannot encrypt or decrypt with the private/public key alone using an asymmetric encryption algorithm, of which RSA is one.

What exactly are you trying to achieve?

> Thanks,
>
> Tom
>
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Greg Keogh
> Sent: Tuesday, 27 December 2011 3:19 PM
> To: 'ozDotNet'
> Subject: RE: makecert fixed on RSA ?
>
> I’m doing some research on certificates it seems that when makecert in
> windows server 2008 is used you don’t get a choice on the certificate’s
> algorithm? It defaults to RSA for key exchange ? looking at the extended
> option in makecert it only has the option of allowing to change the
> signature algorithm as opposed to the encryption algorithm? What can I do if
> I wanted to use AES just as an example.
>
> Dunno if this helps, but RSA is a bit of a performance burden and usually
> used for encrypting small amounts of data such as keys. AES is a
> comparatively efficient block cipher. RSA uses a key-pair and AES uses one
> key, so they are designed for different purposes. DSA is usually used for
> making signatures. I think you’re mixing up the algorithms.
>
> Greg
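The split Greg describes in the quoted message (RSA for small data such as keys, AES for the bulk data) can be shown as hybrid encryption against a certificate's RSA key. This is an added example, not part of the original thread: the self-signed certificate, the `Seal`/`Open` names and the message are constructed for illustration, and .NET 8 or later is assumed for the `AesGcm` constructor used here.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class HybridDemo
{
    // Sender side: needs only the recipient's certificate (public key).
    static (byte[] WrappedKey, byte[] Nonce, byte[] Tag, byte[] Ciphertext) Seal(
        X509Certificate2 recipientCert, byte[] plaintext)
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);    // fresh AES-256 key per message
        byte[] nonce = RandomNumberGenerator.GetBytes(12);  // 96-bit GCM nonce
        byte[] tag = new byte[16];
        byte[] ciphertext = new byte[plaintext.Length];
        using (var aes = new AesGcm(key, tag.Length))
            aes.Encrypt(nonce, plaintext, ciphertext, tag); // bulk data goes through AES
        using RSA rsaPublic = recipientCert.GetRSAPublicKey()
            ?? throw new CryptographicException("Certificate has no RSA public key.");
        // RSA only ever sees the 32-byte AES key, never the message itself.
        byte[] wrapped = rsaPublic.Encrypt(key, RSAEncryptionPadding.OaepSHA256);
        CryptographicOperations.ZeroMemory(key);
        return (wrapped, nonce, tag, ciphertext);
    }

    // Recipient side: needs the private key that matches the certificate.
    static byte[] Open(X509Certificate2 certWithPrivateKey,
        byte[] wrappedKey, byte[] nonce, byte[] tag, byte[] ciphertext)
    {
        using RSA rsaPrivate = certWithPrivateKey.GetRSAPrivateKey()
            ?? throw new CryptographicException("No RSA private key available.");
        byte[] key = rsaPrivate.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);
        byte[] plaintext = new byte[ciphertext.Length];
        using (var aes = new AesGcm(key, tag.Length))
            aes.Decrypt(nonce, ciphertext, tag, plaintext); // throws if anything was modified
        CryptographicOperations.ZeroMemory(key);
        return plaintext;
    }

    static void Main()
    {
        // Constructed throwaway certificate standing in for one issued by makecert or a CA.
        using RSA keyPair = RSA.Create(2048);
        var request = new CertificateRequest("CN=constructed-demo", keyPair,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        byte[] message = Encoding.UTF8.GetBytes(new string('x', 100_000)); // too large for RSA alone
        var box = Seal(cert, message);
        byte[] roundTrip = Open(cert, box.WrappedKey, box.Nonce, box.Tag, box.Ciphertext);
        Console.WriteLine($"wrapped key: {box.WrappedKey.Length} bytes, " +
            $"round trip ok: {message.AsSpan().SequenceEqual(roundTrip)}");
    }
}
```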
