
get remote server's SSL public key

Author
7 Mar 2005 2:35 PM
tragic_hip
I'm looking for a way to get a remote HTTPS server's public certificate. I
want to use this to encrypt data that will eventually be sent to that server
via HTTPS, but I don't want the data to be readable on the computer's hard
disk.

The only way that I can see to do this is to create my own socket and start
doing the SSL handshake up to step 2 as described in
http://support.microsoft.com/kb/q257591/

Of course, I would have to do a lot of work to worry that the computer that
I'm talking to is actually the one I want.

Is there anything out there that can make this a little easier?

Thanks

Author
7 Mar 2005 3:53 PM
Eugene Mayevski
Hello!
You wrote  on Mon, 7 Mar 2005 06:35:04 -0800:

th> I'm looking for a way to get a remote HTTPS server's public
th> certificate. I want to use this to encrypt data that will eventually be
th> sent to that server via HTTPS, but I don't want the data to be readable
th> on the computer's hard disk.

1) The data is encrypted anyway - do you want to do encryption yourself in
addition to default HTTPS encryption?
2) If you do, then you can use the certificate that the server sends you. To
do this you can use SSLBlackbox (http://www.eldos.com/sbb/desc-ssl.php)
which establishes connection and gives you the certificate for validation.
Then you can save this certificate and use it.
3) If you want to encrypt the data using the certificate, you will find
PKIBlackbox useful ( http://www.eldos.com/sbb/desc-pki.php) as it does
PKCS#7-compliant operations based on certificates.

With best regards,
Eugene Mayevski
Author
7 Mar 2005 4:11 PM
tragic_hip
Yes, I want to encrypt parts of the form data in the HTML page that will be
stored on the user's computer (we create an html page and open it up in a
standard browser, which will then submit the form via HTTPS). However, we
don't want the information to be readable.

Thanks for the links, I was of course looking for something that used the
framework and I didn't have to buy separately. Negotiating the first part of
the handshake still sounds best given the above.

"Eugene Mayevski" wrote:

> Hello!
> You wrote  on Mon, 7 Mar 2005 06:35:04 -0800:
>
>  th> I'm looking for a way to get a remote HTTPS server's public
>  th> certificate. I want to use this to encrypt data that will eventually be
>  th> sent to that server via HTTPS, but I don't want the data to be readable
>  th> on the computer's hard disk.
>
> 1) The data is encrypted anyway - do you want to do encryption yourself in
> addition to default HTTPS encryption?
> 2) If you do, then you can use the certificate that the server sends you. To
> do this you can use SSLBlackbox (http://www.eldos.com/sbb/desc-ssl.php)
> which establishes connection and gives you the certificate for validation.
> Then you can save this certificate and use it.
> 3) If you want to encrypt the data using the certificate, you will find
> PKIBlackbox useful ( http://www.eldos.com/sbb/desc-pki.php) as it does
> PKCS#7-compliant operations based on certificates.
>
> With best regards,
> Eugene Mayevski
>
>
Author
7 Mar 2005 4:34 PM
Eugene Mayevski
Hello!
You wrote  on Mon, 7 Mar 2005 08:11:07 -0800:

th> Thanks for the links, I was of course looking for something that used
th> the framework and I didn't have to buy separately. Negotiating the
th> first part of the handshake still sounds best given the above.

Well, if you want to implement SSL protocol yourself ...

With best regards,
Eugene Mayevski
Author
7 Mar 2005 4:45 PM
Nicole Calinoiu
You may be able to do this by implementing a custom ICertificatePolicy
(http://msdn.microsoft.com/library/en-us/cpref/html/frlrfsystemneticertificatepolicyclasstopic.asp)
when using System.Net.HttpWebRequest, which should allow you to leave
testing of the certificate to the Framework while still exposing the
certificate details to your code.


"tragic_hip" <tragic_***@discussions.microsoft.com> wrote in message
news:792BE717-5556-41A0-BB25-E0C016C115AF@microsoft.com...
> I'm looking for a way to get a remote HTTPS server's public certificate. I
> want to use this to encrypt data that will eventually be sent to that
> server
> via HTTPS, but I don't want the data to be readable on the computer's hard
> disk.
>
> The only way that I can see to do this is to create my own socket and
> start
> doing the SSL handshake up to step 2 as described in
> http://support.microsoft.com/kb/q257591/
>
> Of course, I would have to do a lot of work to worry that the computer
> that
> I'm talking to is actually the one I want.
>
> Is there anything out there that can make this a little easier?
>
> Thanks
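
The ICertificatePolicy approach suggested in the post above, as an added example that is not part of the original thread: a policy that records the server certificate only when the Framework's own validation reported no problem. The URL is a placeholder and the class name `CapturingPolicy` is hypothetical; the code assumes the .NET Framework, where `ServicePointManager.CertificatePolicy` is available.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper: exposes the server certificate to the caller while
// leaving the trust decision to the Framework.
class CapturingPolicy : ICertificatePolicy
{
    public X509Certificate Captured;   // last certificate that passed validation

    public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate,
                                      WebRequest request, int certificateProblem)
    {
        // certificateProblem is 0 only when the Framework's checks (chain, name,
        // expiry) succeeded. Returning true unconditionally would disable them.
        if (certificateProblem != 0)
            return false;

        Captured = certificate;
        return true;
    }
}

class Program
{
    static void Main()
    {
        CapturingPolicy policy = new CapturingPolicy();
        ServicePointManager.CertificatePolicy = policy;

        // Placeholder URL (assumption); replace with the HTTPS server in question.
        HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://example.com/");
        req.Method = "HEAD";           // only the handshake is of interest here
        using (WebResponse resp = req.GetResponse()) { }

        if (policy.Captured == null)
            throw new InvalidOperationException("No certificate was captured.");

        Console.WriteLine("Subject:    " + policy.Captured.Subject);
        Console.WriteLine("Thumbprint: " + policy.Captured.GetCertHashString());
        Console.WriteLine("Public key: " + policy.Captured.GetPublicKeyString());
    }
}
```

If validation fails, the policy returns false and `GetResponse()` throws a `WebException`, so a key is never read from a certificate the Framework rejected.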
Author
10 Mar 2005 3:29 PM
tragic_hip
Works like a charm, thanks a lot!

"Nicole Calinoiu" wrote:

> You may be able to do this by implementing a custom ICertificatePolicy
> (http://msdn.microsoft.com/library/en-us/cpref/html/frlrfsystemneticertificatepolicyclasstopic.asp)
> when using System.Net.HttpWebRequest, which should allow you to leave
> testing of the certificate to the Framework while still exposing the
> certificate details to your code.
>
>
> "tragic_hip" <tragic_***@discussions.microsoft.com> wrote in message
> news:792BE717-5556-41A0-BB25-E0C016C115AF@microsoft.com...
> > I'm looking for a way to get a remote HTTPS server's public certificate. I
> > want to use this to encrypt data that will eventually be sent to that
> > server
> > via HTTPS, but I don't want the data to be readable on the computer's hard
> > disk.
> >
> > The only way that I can see to do this is to create my own socket and
> > start
> > doing the SSL handshake up to step 2 as described in
> > http://support.microsoft.com/kb/q257591/
> >
> > Of course, I would have to do a lot of work to worry that the computer
> > that
> > I'm talking to is actually the one I want.
> >
> > Is there anything out there that can make this a little easier?
> >
> > Thanks
>
>
>