1 Reply Latest reply on Oct 23, 2009 5:57 AM by SForrest96

    How Public key in the server are identified

    S V Satish Kumar Level 1

      Hi,

       

      How the public key in the server is identifed for a private key.

      Consider an organization where the employee count is more than 1000 and each one ius given a private key.

      If any employee is submitting the form how the server will verify the signed document with th epublic key.How it will fetch the

      public key of the employee.Will it check one by one or what mechanism is followed.

       

      Regards,

      S.V.Satish Kumar

        • 1. Re: How Public key in the server are identified
          SForrest96 Level 4

          Digital certificates canb be generated in a couple of ways.  They can be "self-signed", meaning they are generated by the user of the certificate using some type of application (Acrobat Pro for example) or utility (Java Keytool for example), or they can be generated by a trusted third party Certificate Authority (i.e VeriSign).

           

          If the digital certificate used to generate a signature was issued from a trusted Certificate Authority (CA), then there is a "certificate chain", meaning the end user certificate "chains" up to the issuing party's (i.e. VeriSign) ROOT certificate.  If a digital certificate is"self-signed" there is no certificate "chain".

           

          So, if you are validating a digital signature generated by a self-signed certificate, then you need the corresponding public key to the self-signed certifcate.  If you had 1000 users with self-signed certificates, then you need the 1000 corresponding public keys.  In the case of LiveCycle you would need to import the 1000 certificates (public keys) into the Trust Store and configure the "trust" for the certificates.

           

          If you are validating a digital signature generated by a certificate issued by a trusted CA, then you need the corresponding public key (root certificate) of the issuing authority.  If you had 1000 users with CA issued certificates, you only need the ROOT public key from the issuing CA.  In the case of LiveCycle you would need to import the 1 certificates (public keys) into the Trust Store and configure the "trust" for the certificate.  If you trust the "issuer", then you implicitly trust any certificate issued by the trusted CA.

           


          Hope this helps.

          Steve