[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: userCertificate question

Michael Luich wrote:
> Does userCertificate, userSMIMECertificate, and userPKCS12 store the
> users public or private key?

'userCertificate' is used solely to store the raw X.509 public-key cert.

'userSMIMECertificate' was meant to store a PKCS#7 blob signed by the entity
itself with the entity's X.509 public-key cert attached. It was possible for
an end-user with Netscape Communicator 4.x to send such a PKCS#7 blob to a
LDAP directory. I don't know any deployment which does that today.

'userPKCS12' contains a PKCS#12 blob which besides a cert chain potentially
contains the entity's private key hopefully all encrypted with a passphrase.
Again: I don't know any deployment which does that. Maybe in some Windows/AD
environment. However this could be helpful e.g. in a webmail deployment
together with S/MIME support.

Ciao, Michael.

Michael Ströder
E-Mail: michael@stroeder.com