Home page logo

basics logo Security Basics mailing list archives

RE: Stealing certificates
From: Rygg Christian <christian.rygg () edb com>
Date: Mon, 25 Nov 2002 09:19:06 +0100


I think I was a bit inaccurate in my mail. I meant to ask about stealing a
certificate (which isn't actually stealing, I know) AND the corresponding
private key. I'm just used to working with PKCS#12 files, and calling them
certificates, even though I know that's not accurate, as they contain the
private key as well. Sorry about the mixing of names/expressions :)

C Rygg

-----Original Message-----
From: Adrian McCullagh [mailto:Adrian.McCullagh () freehills com]
Sent: Friday, November 22, 2002 2:16 AM
To: Rygg Christian
Subject: Re: Stealing certificates


I am confused by your request for informatiom.

Firstly, the private key is not stored in a certificate only the public key
is embodied in a certificate.

Secondly, it does not matter that someone can so called "steal" a
certificate.  The certificate is meant to be copied and exposed to as many
organisations as possible.

The issue of inserting a fake certificate is very problematical and easy to
achieve.  Especially as the procedure of inserting Certificates has been
published by MS.

Dr. Adrian McCullagh Ph. D.

Direct 61 7 3258 6603
Telephone 61 7 3258 6666
Facsimile 61 7 3258 6444

This email is confidential.  If you are not the intended  recipient,
you must not disclose  or  use the  information  contained in it. If
you have received this email in error,  please notify us immediately
by return email and delete the document.
Freehills is not responsible for any changes made to a document other
than those made by Freehills or for the effect of the changes on the
document's meaning.

Liability is limited by the Solicitors' Limitation of Liability Scheme,
approved under the Professional Standards Act 1994 (NSW)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]