Joshua Juran wrote:
On May 19, 2005, at 4:03 PM, Miles Bradford wrote:
So when you send the CSR including the Public Key - you would send
them the
(your) Private Key, also? Then they sign it with a Private Key they've
created? and send it back?
You don't give away your private key to anybody, not even the
certificate authority. Since nobody else will see it, there's no value
to having it signed, because nobody could verify the signature.
And, of course, the private key is useless if disclosed.
Josh
Given that you know
a. your CSR
b. the reply /signed cert using his priv_key that the signing authority
has used,
Is it possible to determine his priv_key used to sign the known plain text?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
