The neat thing about PKI is that the odds of getting the private key information from the public key are astronomical. So don't worry about getting private key info from the public key. The danger in PKI, like in most security issues, is keeping your private key to yourself , the same way you should be protecting your password and desktop. Lock it up when you are away from your desk and keep the smart card, or what ever media you store your PKI cert on, secure. Hope this helps! "K" ================================ Are you referring to attaching the actual certificate to an e-mail? I would definitely want that transfer to happen over a secure channel. <a href="http://world.std.com/~dtd/">Don Davis</a> says: A public-key security system trusts its users to validate each others' public keys rigorously and to manage their own private keys securely. Both tasks are hard to do well, but public-key security systems lack a centralized infrastructure for enforcing users' discipline. It is best too that the certificate be <a href="http://www.youdzone.com/signature.html">generated by a trusted 3rd party</a> rather than self-signed (see the plot complication section at the bottom). Here's a great blurb on this from <a href="http://research.microsoft.com/crypto/publickey.aspx">Microsoft Research</a>: "In theory, it might be possible to derive the private key from the public key by working the formula backwards. In practice, no one has ever done it and it doesnt look like anyone ever will. Factoring large numbers is so hard that even the most powerful supercomputers in the world cant break an ordinary public key." See the following for additional tutorial material on PKI: <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">Public-key cryptography</a> <a href="http://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf">Everything you Never Wanted to Know about PKI but were Forced to Find Out</a> <a href="http://www.isode.com/whitepapers/dist-pki-tutorial.html">A Short Tutorial on Distributed PKI</a> <a href="http://www.security-forums.com/viewtopic.php?t=8611&start=0&postdays=0&postorder=asc&highlight=&sid=091e05764756c379daefff5fc8946e5c">Public Key Infrastructure (PKI) Tutorial - An Introduction</a>

The neat thing about PKI is that the odds of getting the private key information from the public key are astronomical. So don't worry about getting private key info from the public key. The danger in PKI, like in most security issues, is keeping your private key to yourself , the same way you should be protecting your password and desktop. Lock it up when you are away from your desk and keep the smart card, or what ever media you store your PKI cert on, secure. Hope this helps! "K" ================================ Are you referring to attaching the actual certificate to an e-mail? I would definitely want that transfer to happen over a secure channel. <a href="http://world.std.com/~dtd/">Don Davis</a> says: A public-key security system trusts its users to validate each others' public keys rigorously and to manage their own private keys securely. Both tasks are hard to do well, but public-key security systems lack a centralized infrastructure for enforcing users' discipline. It is best too that the certificate be <a href="http://www.youdzone.com/signature.html">generated by a trusted 3rd party</a> rather than self-signed (see the plot complication section at the bottom). Here's a great blurb on this from <a href="http://research.microsoft.com/crypto/publickey.aspx">Microsoft Research</a>: "In theory, it might be possible to derive the private key from the public key by working the formula backwards. In practice, no one has ever done it and it doesnt look like anyone ever will. Factoring large numbers is so hard that even the most powerful supercomputers in the world cant break an ordinary public key." See the following for additional tutorial material on PKI: <a href="http://en.wikipedia.org/wiki/Public-key_cryptography">Public-key cryptography</a> <a href="http://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf">Everything you Never Wanted to Know about PKI but were Forced to Find Out</a> <a href="http://www.isode.com/whitepapers/dist-pki-tutorial.html">A Short Tutorial on Distributed PKI</a> <a href="http://www.security-forums.com/viewtopic.php?t=8611&start=0&postdays=0&postorder=asc&highlight=&sid=091e05764756c379daefff5fc8946e5c">Public Key Infrastructure (PKI) Tutorial - An Introduction</a>