Do you have a question? Post it now! No Registration Necessary. Now with pictures!
November 29, 2004, 3:52 pm
rate this thread
for website cert for SSL encryption, then for e-mail s/mime
encryption, now we are using this exported key for our handheld usage.
The thing is, the regular x509 certificate is managed, all encrypted
files can be decrypted even if you loose the key, you can be recoved.
The PKCS12 certificate is unmanaged. Once you loose the key, it's
gone, granted you CRLs can be checked to inform you that the
certificate has been revoked, but if you encrypt anything with this,
you can never get it back. Also, when you import you key into the
microsoft certificate store - you're importing a PKCS12 - The
unmanaged key. If we are using PKCS12 for most things now, why are we
keeping a managed CA? And managing these keys that no one is using?