makecert question

  • Question

  • When I use makecert.exe to generate a certificate, there is an argument "-sky (keytype)" with possible values signature|exchange.

    Can anyone tell me the difference between them?

    When I use the certificate as protection for my WCF service, it is required to have the value "exchange". Does this mean the certificate cannot be used for signature, or does "exchange" implicitly also mean "signature"?

    http://webservices20.blogspot.com/
    WCF Security, Performance And Testing Blog
    Sunday, February 22, 2009 10:48 AM

Answers

  • 'signature' keys can only be used to sign things.
    'exchange' keys can be used to sign or encrypt things.

    So, 'exchange' does imply 'signature'.

           -Steve

    P.S. Makecert can also be used for creating certificates used in production, if you know what you're doing. We use proper (well-known CA) SSL certificates for WCF transport encryption, but we also use makecert to define our own CA and issue client authentication certificates.
    Programming blog: http://nitoprograms.blogspot.com/
      Including my TCP/IP .NET Sockets FAQ

    Microsoft Certified Professional Developer
    • Marked as answer by Yaron Naveh Wednesday, October 21, 2009 2:23 PM
    Tuesday, October 20, 2009 5:28 PM
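
Added example, not part of the original thread: a PowerShell check that reports whether each private key in a certificate store was created as an `exchange` or a `signature` key, which is the distinction the answer above describes. The function name `Get-CertKeySpec`, the default store path, and the environment (Windows PowerShell 5.1 with CSP-backed RSA keys) are assumptions of this example.

```powershell
# Added example: list certificates that have a private key and show the key type
# (-sky exchange vs -sky signature) recorded in the key container.
# Assumption: Windows PowerShell 5.1 and CSP-backed RSA keys; CNG keys are
# reported as Unknown because they carry no CSP key number.
function Get-CertKeySpec {
    param(
        # Assumption: the store to inspect; change to e.g. Cert:\LocalMachine\My
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )

    Get-ChildItem -Path $StorePath |
        Where-Object { $_.HasPrivateKey } |
        ForEach-Object {
            $cert = $_
            $keySpec = 'Unknown'
            try {
                $key = $cert.PrivateKey
                if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                    # KeyNumber is 'Exchange' (AT_KEYEXCHANGE) or 'Signature' (AT_SIGNATURE)
                    $keySpec = $key.CspKeyContainerInfo.KeyNumber.ToString()
                }
            } catch {
                # Key is not readable by this account or the provider is not a CSP;
                # leave the value as Unknown rather than guessing.
            }

            [pscustomobject]@{
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                KeySpec    = $keySpec
                # Per the answer above: a signature key can only sign,
                # an exchange key can sign or encrypt.
                SignOnly   = ($keySpec -eq 'Signature')
            }
        }
}

Get-CertKeySpec | Format-Table -AutoSize
```

A certificate that shows `SignOnly = True` is the kind a WCF binding that needs an "exchange" key will reject.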

All replies

  • Certificate Creation Tool (Makecert.exe)

    The Certificate Creation tool generates X.509 certificates for testing purposes only. It creates a public and private key pair for digital signatures and stores it in a certificate file. This tool also associates the key pair with a specified publisher's name and creates an X.509 certificate that binds a user-specified name to the public part of the key pair.

    Makecert.exe includes basic and extended options. Basic options are those most commonly used to create a certificate. Extended options provide more flexibility.

    Complete reference link:
    http://msdn.microsoft.com/en-us/library/bfsktky3(VS.80).aspx

    Regards,
    Jai

    Tuesday, October 20, 2009 4:29 PM