Free Republic

To: Gil4
All the private keys are centrally (securely*) stored by the issuing authority

No. Typically the private key is generated in your browser and the certificate authority signs the public key in a cert request. There are other authentication schemes where a server keeps a private key and sends it to your email client when it is needed, but those are not standard PKI.

If you decide to buy an email cert from Verisign or someone else, they do not ever touch or see your private key.

37 posted on 11/20/2012 2:11:21 AM PST by palmer (Jim, please bill me 50 cents for this completely useless post)
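
Added example, not part of either post: the enrollment flow post 37 describes, run with the openssl CLI, checking that the CSR sent to the CA holds only the public key and that the issued certificate carries that same key. The subject names, file names and the throwaway CA are constructed for the demo, and it assumes openssl and mktemp are installed.

```shell
#!/bin/sh
# Added illustration: standard PKI enrollment with the openssl CLI.
# Subject names and the throwaway CA are constructed for this demo.

enroll() {
    # Subscriber side: the key pair is generated locally; user.key stays here.
    openssl genrsa -out user.key 2048 2>/dev/null || return 1
    openssl req -new -key user.key -subj "/CN=user@example.test" \
        -out user.csr 2>/dev/null || return 1

    # The only file handed to the CA is user.csr; it must hold no private key.
    if grep -q "PRIVATE KEY" user.csr; then return 1; fi

    # CA side: a throwaway self-signed CA signs the public key from the CSR.
    openssl genrsa -out ca.key 2048 2>/dev/null || return 1
    openssl req -x509 -new -key ca.key -subj "/CN=Example Test CA" \
        -days 1 -out ca.crt 2>/dev/null || return 1
    openssl x509 -req -in user.csr -CA ca.crt -CAkey ca.key \
        -set_serial 1 -days 1 -out user.crt 2>/dev/null || return 1

    # Same public key in the local key, the CSR and the issued certificate.
    k=$(openssl pkey -in user.key -pubout 2>/dev/null)
    r=$(openssl req -in user.csr -noout -pubkey 2>/dev/null)
    c=$(openssl x509 -in user.crt -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ] || return 1

    # The certificate chains to the CA, which only ever saw user.csr.
    openssl verify -CAfile ca.crt user.crt >/dev/null 2>&1 || return 1
    echo "public key matches in key, CSR and certificate"
}

csr_flow() {
    # Run the enrollment in a scratch directory and clean it up afterwards.
    work=$(mktemp -d) || return 1
    ( cd "$work" && enroll )
    rc=$?
    rm -rf "$work"
    return "$rc"
}
```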


To: palmer

DoD must do it differently than Verisign, because I know if I need one of my expired keys to open an old encrypted email, I can go recover it at a certain .mil site. I can see a list of all of the keys I have ever had at that site (back to 2003).

I have done it several times and I help people do it all the time.


38 posted on 11/20/2012 7:52:46 AM PST by Gil4 (Progressives - Trying to repeal the Law of Supply and Demand since 1848)
