You can do this, but it's not necessarily good practice.

Firstly, when you say "SSL certificate", you probably mean "X.509 certificate". SSL/TLS uses X.509 certificates most of the time, but it can also use OpenPGP certificates (http://tools.ietf.org/html/rfc6091) (as far as I'm aware, only GnuTLS supports them).

Note that I'm also using the expression "OpenPGP certificate". Most people call them "(Open)PGP public keys", but they are in fact certificates: they're the combination of a public key, an identifier and some attributes, signed by other entities which attach their signature to it, so as to form the overall certificate. Strictly speaking, it's not just a public key.

The main difference between an X.509 certificate and a PGP certificate is that the X.509 can only have one signature (that of the issuer), whereas multiple signatures can be added onto a PGP certificate. (The PGP model can be used for a hierarchical PKI-like model, whereas the PKI model can't be used to handle the Web-of-Trust model.)

This Java code (https://svn.java.net/svn/sommer~svn/trunk/misc/FoafServer/pgpx509/src/net/java/dev/sommer/foafserver/utils/PgpX509Bridge.java) demonstrates how to "convert" a set of PGP keys into a self-signed X.509 certificate. In principle, you could also turn it into a CSR to get an X.509 certificate from a CA. Whether it's a good idea to do so is a different matter.

Firstly, it's usually a good idea to re-generate new key-pairs once in a while. Typically, that's one of the reasons X.509 certificates used for SSL have an end of validity date (PGP signatures can also be limited in time).

You would also effectively put all your eggs in the same basket. If one of the keys is compromised, both your X.509 and PGP certificates would be compromised.

More importantly, it's considered bad practice to re-use the same keys for signing and encryption (https://security.stackexchange.com/questions/1806/why-should-one-not-use-the-same-asymmetric-key-for-encryption-as-they-do-for-sig): using them for two different applications (SSL/TLS and GnuPG) would only make the problem worse.
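The answer's point that an OpenPGP "public key" is really a certificate (a key packet, a user ID, and any number of signature packets from different issuers, where an X.509 certificate carries exactly one issuer signature) can be made concrete by walking the packet structure. The following is an added example, not part of the answer above and unrelated to the linked Java code: a pure-Python walker over RFC 4880 packet framing that extracts the owner's key ID, the user IDs, and the issuer named in each signature. It assumes v4 keys and signatures and short packet lengths; the sample key and its three signatures are constructed here and carry no real cryptographic signature, only the packet framing.

```python
"""Walk the packets of an OpenPGP transferable public key (a "PGP certificate").

Added example: the key material and signatures below are constructed and hold
no real cryptographic signatures, only RFC 4880 packet framing.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional

TAG_SIGNATURE, TAG_PUBLIC_KEY, TAG_USER_ID = 2, 6, 13
SUBPACKET_ISSUER = 16  # issuer key ID subpacket (RFC 4880 section 5.2.3.5)


@dataclass
class Packet:
    tag: int
    body: bytes


def parse_packets(data: bytes) -> List[Packet]:
    """Split a packet stream into (tag, body) pairs; old and new headers, no partial lengths."""
    packets, i = [], 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError(f"bad packet header at offset {i}")
        i += 1
        if ctb & 0x40:                       # new-format header
            tag, first = ctb & 0x3F, data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            nbytes = (1, 2, 4)[ltype]
            length = int.from_bytes(data[i:i + nbytes], "big")
            i += nbytes
        body = data[i:i + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        packets.append(Packet(tag, body))
        i += length
    return packets


def v4_key_id(key_body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1(0x99 || 2-byte length || key body); key ID is the low 64 bits."""
    digest = hashlib.sha1(b"\x99" + len(key_body).to_bytes(2, "big") + key_body).hexdigest()
    return digest[-16:].upper()


def signature_issuer(body: bytes) -> Optional[str]:
    """Return the issuer key ID named in a v4 signature's subpackets, if any."""
    if body[0] != 4:
        raise ValueError("only v4 signatures are handled")
    i = 4                                    # skip version, sig type, pubkey alg, hash alg
    for _ in range(2):                       # hashed area, then unhashed area
        area_len = int.from_bytes(body[i:i + 2], "big")
        i += 2
        end = i + area_len
        while i < end:
            sp_len = body[i]                 # length covers the type byte plus data
            i += 1
            if sp_len >= 192:
                raise ValueError("long subpacket lengths not supported")
            sp_type = body[i] & 0x7F         # bit 7 is the "critical" flag
            if sp_type == SUBPACKET_ISSUER:
                return body[i + 1:i + sp_len].hex().upper()
            i += sp_len
        i = end
    return None


def summarize(cert: bytes) -> dict:
    """Describe a transferable public key: owner key ID, user IDs, and who certified it."""
    packets = parse_packets(cert)
    if not packets or packets[0].tag != TAG_PUBLIC_KEY:
        raise ValueError("first packet must be the primary public key")
    owner = v4_key_id(packets[0].body)
    user_ids = [p.body.decode("utf-8") for p in packets if p.tag == TAG_USER_ID]
    issuers = [signature_issuer(p.body) for p in packets if p.tag == TAG_SIGNATURE]
    return {
        "owner": owner,
        "user_ids": user_ids,
        "self_signatures": sum(1 for x in issuers if x == owner),
        "third_party_signatures": sorted(x for x in issuers if x and x != owner),
    }


# --- constructed sample (not a real key; toy MPIs and placeholder signature values) ---

def _mpi(n: int) -> bytes:
    return n.bit_length().to_bytes(2, "big") + n.to_bytes((n.bit_length() + 7) // 8, "big")


def _packet(tag: int, body: bytes) -> bytes:
    return bytes([0xC0 | tag, len(body)]) + body     # new-format header, body < 192 bytes


def _fake_signature(issuer_key_id: str) -> bytes:
    issuer_sp = bytes([9, SUBPACKET_ISSUER]) + bytes.fromhex(issuer_key_id)
    return (bytes([4, 0x13, 1, 8])               # v4, positive certification, RSA, SHA-256
            + len(issuer_sp).to_bytes(2, "big") + issuer_sp
            + b"\x00\x00"                        # no unhashed subpackets
            + b"\x00\x00"                        # left 16 bits of hash (placeholder)
            + _mpi(1))                           # placeholder signature MPI


KEY_BODY = b"\x04" + b"\x00\x00\x00\x00" + b"\x01" + _mpi(0x1234) + _mpi(65537)  # v4 RSA, toy MPIs
SAMPLE_CERT = (
    _packet(TAG_PUBLIC_KEY, KEY_BODY)
    + _packet(TAG_USER_ID, b"Alice <alice@example.org>")
    + _packet(TAG_SIGNATURE, _fake_signature(v4_key_id(KEY_BODY)))   # the owner's own certification
    + _packet(TAG_SIGNATURE, _fake_signature("B0B0B0B0B0B0B0B0"))     # certification by a second key
    + _packet(TAG_SIGNATURE, _fake_signature("CA0CA0CA0CA0CA0C"))     # certification by a third key
)

if __name__ == "__main__":
    print(summarize(SAMPLE_CERT))
```

Running it reports one self-signature and two third-party certifications on the same primary key, which is the structural property the answer contrasts with X.509: new signatures can be appended to the OpenPGP certificate without touching the key packet, whereas an X.509 certificate is a single signed blob from one issuer. A real key would be checked by verifying each signature against the issuer's key, which this walker deliberately does not do.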