Miha
Sun Sep 19 11:08:16 CDT 2004
It depends where you got the certificate and what service they provide. In
general yes, you should be able to cancel your certificate (if your
certificate authority provides this) and this process should put your
certificate on revocation list. For details, check your CA information.
Backup is useful if something happens with your computer profile -- e.g. it
gets corrupted. Then you can create new profile on your computer and import
your certificate from backup copy. If you don't, you will lose access to
encrypted data for good.
Baseline of your private key protection is password that you use for logon
to your computer (your account password) -- (if you use Windows 2000 or
newer Microsoft OS). You can additionally protect your private keys with a
password.
Don't mix Smart Cards and Biometrics. They are not the same. Personally I
think Biometrics will need few more years before it comes widely accepted.
Right now it is not very reliable or is too expensive. Still you can get
smart card readers with finger print readers built-in (instead of PIN for
your smart card, you need you fingerprint). Then there are different
implementation of this. You can even buy a mouse with fingerprint reader
built-in that will enable you to logon to Windows (instead of username and
password).
Another important thing to keep in mind. Don't leave your computer unlocked.
If you do, anyone can come around and use your private key to either read
your confidential data or send e-mails in your name (e-mails that are
digitally signed with your private key).
Mike
"digital" <anonymous@discussion.microsoft.com> wrote in message
news:e$t1F3lnEHA.608@TK2MSFTNGP09.phx.gbl...
> But if anyone would get to my certificate, I can cancel my certificate
> associated with the email on the website of CA, can't I?
> If I anyone stole my private key, is the backup of private key useful?
> As you have said, the password of private key is the baseline of its
> security if I don't have a smart card? How common is the biometrics now?
> "Miha Pihler" <mihap-news@atlantis.si> дÈëÓʼþ
> news:utAcFxlnEHA.644@tk2msftngp13.phx.gbl...
> > You don't need to worry about your public key. You can publish it on a
web
> > site or where ever you want. The only key that you need to worry about
is
> > your private key.
> >
> > I posted to you once how to secure your privacy, so here is it again.
> >
> > Do not run Kazaa and other peer to peer applications on same computer
that
> > you use to write your confidential documents and e-mails or use on-line
> bank
> > service on. Personally I have certificates for such purposes (on-line
> > banking, secure e-mail,...) stored on smart card. It does provide
> additional
> > security -- while still not 100% secure, but close enough.
> >
> > To protect your digital certificates, you must use:
> > a) secure OS (e.g. Windows 2000, Windows XP) with latest patches,
> antivirus,
> > personal firewall, anti spy ware, etc...
> > b) strong - hard to guess password (password that has more then 14
> > characters)
> > c) have a backup of your private key in secure place (e.g. exported and
> > copied to CD (or more then 1 CD), stored in a safe place. Again use
strong
> > password when you export your private key).
> >
> > If you don't use smart card for certificate storage, your password is
the
> > one that is protecting your profile where your certificates are stored.
If
> I
> > can guess your password easily then I can get to your certificates and
use
> > them in your name...
> >
> > Mike
> >
> > "digital" <anonymous@discussion.microsoft.com> wrote in message
> > news:%23MsOjplnEHA.3968@TK2MSFTNGP11.phx.gbl...
> > > How to ensure the security of public key and private key stored on my
> OS?
> > > Is it possible the key stolen when my OS is hacked?
> > > "Miha Pihler" <mihap-news@atlantis.si> дÈëÓʼþ
> > > news:%23KczCblnEHA.3628@TK2MSFTNGP09.phx.gbl...
> > > > You can send it as a file attachment (just like you would send e.g.
a
> > word
> > > > document or a picture). Instead of *.doc or *.jpg you will attach
> *.cer
> > > file
> > > > that you got when you exported your public key.
> > > >
> > > > Mike
> > > >
> > > > "digital" <anonymous@discussion.microsoft.com> wrote in message
> > > > news:%23cnCOKknEHA.3628@TK2MSFTNGP09.phx.gbl...
> > > > > email the certicaficate? Do you mean copy the certificate file
then
> > send
> > > > to
> > > > > the recipient? How to attach my public keys when I use Outlook?
> > > > > "Miha Pihler" <mihap-news@atlantis.si> дÈëÓʼþ
> > > > > news:u0jYQKjnEHA.648@tk2msftngp13.phx.gbl...
> > > > > > Hi,
> > > > > >
> > > > > > You can export your public key. If you installed it correctly
you
> > > should
> > > > > be
> > > > > > able to view your certificate here. Open IE and go to Tools ->
> > > Internet
> > > > > > Options. Click on Content tab and Certificates. You should see
> your
> > > > > > certificate under Personal.
> > > > > >
> > > > > > Click and select the certificate and select the export option.
> > Select
> > > > "No,
> > > > > > do not export my private key". Select location where you want
your
> > > > public
> > > > > > keys stored. You will get *.cer format of the file.
> > > > > >
> > > > > > Now you can e-mail this file to anyone. Another option would
also
> be
> > > to
> > > > > > digitally sign your e-mail. Depending on the client that you use
> it
> > > can
> > > > > > attach your public keys automatically when you digitally sign
your
> > > > e-mail.
> > > > > >
> > > > > > Mike
> > > > > >
> > > > > > "digital" <anonymous@discussions.microsoft.com> wrote in message
> > > > > > news:171b01c49e28$ced51cd0$a501280a@phx.gbl...
> > > > > > > And how can send it to my email recipient?
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>