Certificates

The CIP components that perform encryption/decryption and digital signing/verification rely upon certificates. A certificate is a packet of data that contains a user’s public key, in addition to the data that serves to identify the user in the real world. Every certificate is created and signed by a trusted entity known as a certificate authority (CA).

To use certificates with the encryption and digital signature components included with the CIP, you generally follow these procedures.

If you are encrypting data to send to a trading partner, you obtain from your trading partner the certificate that contains his or her public key. You import this certificate onto your system, using the Certificate Management Tool, and you use this certificate to configure the EncryptPKCS component, which uses the public key of your trading partner to encrypt the data. When your trading partner receives the data, it is decrypted using the private key that corresponds to the certificate, which your trading partner has installed on the receiving system.

If you are digitally signing data to send to a trading partner, you use a certificate that you have obtained from a CA, and that you have installed on your system. You provide your trading partner with a copy of that certificate.

When the DigitalSig component is executed, it uses the certificate to perform the digital signing by calling the Microsoft® Cryptographic application programming interface (CryptoAPI). On the receiving end, the VerifyDigitalSig component uses the certificate that you have provided to your trading partner, and verifies that the signature on the data is yours.
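The two procedures above (encrypting with a trading partner's certificate, and signing with your own certificate so the partner can verify) can be walked through end to end in code. The following is an added example and is not CIP code, nor a call into CryptoAPI; it uses the Python `cryptography` library as a stand-in so the flow runs on any platform. Every name in it (the "Constructed Test CA", the "Trading Partner" and "Me" subjects, the purchase-order bytes) is constructed for the example. It also shows two checks the page implies but does not spell out: that an imported certificate really was signed by the CA you trust, and that verification fails when the data is altered or when the wrong certificate is used.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

# RSA-OAEP padding for the encrypt/decrypt half of the example (a modern
# choice; the original PKCS #1 v1.5 encryption padding is not used here).
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def _name(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


def _validity():
    now = datetime.datetime.now(datetime.timezone.utc)
    return now, now + datetime.timedelta(days=1)


def make_ca(common_name="Constructed Test CA"):
    """Self-signed CA: the trusted entity that signs every user certificate here."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    start, end = _validity()
    cert = (x509.CertificateBuilder()
            .subject_name(_name(common_name)).issuer_name(_name(common_name))
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start).not_valid_after(end)
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert


def issue_cert(ca_key, ca_cert, common_name):
    """User certificate: the user's public key plus identifying data, signed by the CA."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    start, end = _validity()
    cert = (x509.CertificateBuilder()
            .subject_name(_name(common_name)).issuer_name(ca_cert.subject)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start).not_valid_after(end)
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            .sign(ca_key, hashes.SHA256()))
    return key, cert


def export_cert(cert):
    """The copy of a certificate you hand to a trading partner (PEM, public data only)."""
    return cert.public_bytes(serialization.Encoding.PEM)


def import_cert(pem, trusted_ca_cert):
    """Import step: parse the PEM and refuse it unless the trusted CA actually signed it."""
    cert = x509.load_pem_x509_certificate(pem)
    try:
        trusted_ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                            padding.PKCS1v15(), cert.signature_hash_algorithm)
    except InvalidSignature:
        return None
    if cert.issuer != trusted_ca_cert.subject:
        return None
    return cert


def encrypt_for(cert, plaintext):
    """EncryptPKCS-style step: encrypt with the public key taken from the partner's certificate."""
    return cert.public_key().encrypt(plaintext, OAEP)


def decrypt_with(private_key, ciphertext):
    """Receiving side: only the private key matching that certificate can recover the data."""
    return private_key.decrypt(ciphertext, OAEP)


def sign_with(private_key, data):
    """DigitalSig-style step: sign with the private key matching your own certificate."""
    return private_key.sign(data, padding.PKCS1v15(), hashes.SHA256())


def signature_valid(cert, data, signature):
    """VerifyDigitalSig-style step: check the signature with the sender's certificate."""
    try:
        cert.public_key().verify(signature, data, padding.PKCS1v15(), hashes.SHA256())
        return True
    except InvalidSignature:
        return False


def demo():
    ca_key, ca_cert = make_ca()
    partner_key, partner_cert = issue_cert(ca_key, ca_cert, "Trading Partner")
    my_key, my_cert = issue_cert(ca_key, ca_cert, "Me")
    # A certificate for the same subject name issued by a CA we do not trust.
    rogue_key, rogue_ca = make_ca("Untrusted CA")
    _, rogue_cert = issue_cert(rogue_key, rogue_ca, "Trading Partner")

    order = b"PO-1001: 50 units"  # constructed sample message
    imported = import_cert(export_cert(partner_cert), ca_cert)
    ciphertext = encrypt_for(imported, order)
    signature = sign_with(my_key, order)
    return {
        "partner_cert_trusted": imported is not None,
        "rogue_cert_trusted": import_cert(export_cert(rogue_cert), ca_cert) is not None,
        "decrypted": decrypt_with(partner_key, ciphertext),
        "signature_ok": signature_valid(my_cert, order, signature),
        "tampered_ok": signature_valid(my_cert, order + b"0", signature),
        "wrong_signer_ok": signature_valid(partner_cert, order, signature),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result!r}")
```

The `import_cert` check is the part most often skipped in practice: a certificate carrying the right name but signed by a CA you do not trust must be rejected at import, because everything downstream (which public key you encrypt to, whose signature you accept) depends on it. Tampering with the data or verifying against the wrong certificate both fail, as the last two results show.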

© 1997-1998 Microsoft Corporation. All rights reserved.