*.cer 文件是否包含私钥的问答

Q:

Using java 'keytool' command we
generate a private key and public key and also we can export the public key to a
.cer file. Now my question is can a .cer file contain a private key. My
impression is .cer is a public key certificate that can contain only public key
but not private key.  

Someone told me that they procured a certificate
from VeriSign and they have received a .cer file from VeriSign that contains
both private key and public key. Can this be true that .cer file can contain a
private key? Please clarify?

 

A:

I'm sure there would be a way to put a private key into the
".cer" file, but I'm equally certain this would be silly. The point of the
certificate is to distribute the public key.(cer文件的目的是传播公钥) If you distribute the private key,
the public key is worthless. (如果它同时也包含私钥，公钥就没用了)Likewise, I am pretty certain that your friend did
_not_ get a ".cer" from VeriSign with a private key in it.

The general
approach to getting certificates is to create the public/private key pair (these
are _not_ the same value, each one is unique - but related). Then using the
"public" key (it doesn't matter which one of the two you declare as "public",
but one will be put into the certificate, and the other will be protected from
anyone getting access - hence one is "public" and the other is "private"), you
will generate a "Certificate Signing Request" (CSR - following "PKCS#10"
specification from RSA). The CSR will contain identifying information about the
certificate requestor, and the public key. This is sent to the Certification
Authority (CA - e.g. VeriSign), who will (hopefully) verify the identity of the
requestor, and issue the certificate (the ".CER" file). The issued certificate
will contain all of the identifying information supplied to the CA, the public
key from the requestor, _AND_ the CA's digital signature (a digest/hash of the
data in the certificate, encrypted with the CA's private key). In order to
verify the certificate, you simply use the CA's public key (which you get from
their certificate), and decrypt the digest/hash value, and then run your own
hash/digest of the certificate you were given - if the one in the signature
matches the digest you generated - the certificate is the one issued by the
CA.

If your private key is given out, then both the public and private
keys are essentially useless. Sure, they can encrypt/decrypt for each other -
but _anyone_ could perform either side of the equation, which means that you
could never be sure who was doing what.