What is the difference between the terms X.509 and PKCS#7 in digital certificates?

Viewed 190 times

3

Via a Web API on .NET 4.6.1 I am integrating with a service that requires data to be sent over a TLS 1.2 connection, duly digitally signed using the PKCS#7 standard. When checking an integration example, I realized that the implementation makes use of the class X509Certificate2, and that X.509 is also a certificate standard.

1. After all, if both are standards, is using the class X509Certificate2 a mistake when implementing based on PKCS#7?

2. On TLS connections, shouldn't the certificate be sent only once, in the TLS handshake, and only after all the validations and the exchange of the symmetric key should the data start being sent in a safe way?

2.1. In this case it seems to me that the data is already being signed and sent with the asymmetric private key, to then be decrypted with the public key on the target server. Or does .NET itself manage, behind the curtain, the whole process necessary to complete the TLS connection correctly, up to generating the symmetric key?

  • 1

    X509 defines the format of digital certificates, and PKCS7 defines digital signature. Technically, it is signed with the private key (but the certificate only has the public key), but it is said that it was "signed with the certificate" when the private key corresponding to the public key of the certificate was used. I don't know if it's like that in .NET (I don't program in C#), but some APIs even make the private key

No answers
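
The split the comment describes, as an added example that is not part of the original thread: `X509Certificate2` carries the X.509 certificate and its key, while `SignedCms` builds and checks the PKCS#7 (CMS) signed message. It assumes .NET 6 or later with the `System.Security.Cryptography.Pkcs` package; the class name `Pkcs7Demo`, the self-signed certificate and the payload are constructed for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class Pkcs7Demo   // hypothetical name, not from the original page
{
    // Wraps data in a PKCS#7/CMS SignedData structure, signed with the
    // private key that belongs to the X.509 certificate.
    static byte[] Sign(byte[] data, X509Certificate2 cert)
    {
        var cms = new SignedCms(new ContentInfo(data), false);   // false = content embedded
        var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert);
        signer.IncludeOption = X509IncludeOption.EndCertOnly;    // ship only the signer cert
        cms.ComputeSignature(signer);   // fails if the certificate has no private key
        return cms.Encode();            // DER-encoded PKCS#7 blob
    }

    // Checks the signature and returns the content plus the embedded signer certificate.
    static byte[] Verify(byte[] pkcs7, out X509Certificate2 signerCert)
    {
        var cms = new SignedCms();
        cms.Decode(pkcs7);
        // true = check the signature only. The demo certificate is self-signed,
        // so chain validation is skipped here; a real verifier passes false or
        // validates the signer certificate against its own trust anchors.
        cms.CheckSignature(true);
        signerCert = cms.SignerInfos[0].Certificate;
        return cms.ContentInfo.Content;
    }

    static void Main()
    {
        using (RSA rsa = RSA.Create(2048))
        {
            // Constructed self-signed certificate standing in for the real signing cert.
            var req = new CertificateRequest("CN=demo-signer", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1)))
            {
                byte[] blob = Sign(Encoding.UTF8.GetBytes("constructed payload"), cert);
                byte[] content = Verify(blob, out X509Certificate2 signerCert);
                Console.WriteLine(Encoding.UTF8.GetString(content));
                Console.WriteLine(signerCert.Subject);
                Console.WriteLine(signerCert.HasPrivateKey);   // only the public certificate travels
            }
        }
    }
}
```

The PKCS#7 blob is application data carried inside the TLS connection; the TLS handshake itself is handled separately by the runtime's HTTP stack.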
