Security Basics mailing list archives

Re: Encryption question


From: Jamie Pratt <jamie () nucdc org>
Date: Wed, 25 Feb 2004 13:43:02 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hmmm.. I would think that this just won't work unless the "faked" public
key has no passphrase, otherwise pgp/gpg can't generate the public key's
signature, because the public key's passphrase is required to sign
anything...? (Not to mention the fact that the sig is a bit different
each time it's generated)

regards,
jamie

Preston, Tony wrote:

|
| Tony Preston
| Systems Engineer, AS&T Inc.
| Division of L3 Corporation
| (609) 485-0205 x 181
|
| I have what is a rather basic question...  I probably am missing something
| so I thought I would ask here.
|
| Alice and Bob both have a public and private key.
|
| Alice encrypts her email to Bob using his public key.  Sends the email and
| Bob decrypts it using his keys..
|
| Since both Bob and Alice's public keys are known, Why can't I take Alice's
| public key and create a key pair using any other private key.  Now, I fake
| an electronic signature from Alice using the pair I created and send a bogus
| encrypted message to Bob with my "fake" Alice signature.  Bob checks the
| signature by using the public key and it is valid.   Bob assumes the message
| is from Alice...
|
| What prevents me from spoofing someone's electronic signature this way?


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: GPG/PGP Digital Signatures Increase Security For Everyone

iD8DBQFAPOyqFnM/ewGVQ7IRAmqMAJ9pV/gK+wlUA8k+8pSO80R56Fmr+ACeLRU4
VLD2+RDwNdpEPNdKKXgh6+o=
=PUFO
-----END PGP SIGNATURE-----
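
The forgery attempt asked about in this thread, as an added example that is not part of the original messages: textbook RSA (SHA-256 digest, no padding) over constructed toy keys, with a hypothetical forger named Mallory. It checks a signature made with Mallory's own key pair, and one made by pairing her private exponent with Alice's public modulus, against Alice's public key.

```python
import hashlib

E = 65537  # common public exponent

def make_key(p, q):
    """Build a textbook RSA key from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: computing it needs the secret p and q
    return (n, E), (n, d)

def digest(message, n):
    """SHA-256 of the message as an integer mod n (toy encoding, no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message, signature, public):
    n, e = public
    return signature < n and pow(signature, e, n) == digest(message, n)

# Constructed keys from well-known Mersenne primes (not usable as real keys).
ALICE_PUB, ALICE_PRIV = make_key(2**89 - 1, 2**107 - 1)
MALLORY_PUB, MALLORY_PRIV = make_key(2**61 - 1, 2**127 - 1)

def demo():
    msg = b"Meet me at noon. -- Alice"  # constructed sample message
    genuine = sign(msg, ALICE_PRIV)
    # Attempt 1: Mallory signs with her own key pair and claims to be Alice.
    own_key = sign(msg, MALLORY_PRIV)
    # Attempt 2: Mallory pairs her private exponent with Alice's public modulus.
    mixed = sign(msg, (ALICE_PUB[0], MALLORY_PRIV[1]))
    return {
        "genuine_under_alice": verify(msg, genuine, ALICE_PUB),
        "own_key_under_alice": verify(msg, own_key, ALICE_PUB),
        "own_key_under_mallory": verify(msg, own_key, MALLORY_PUB),
        "mixed_under_alice": verify(msg, mixed, ALICE_PUB),
        "altered_message": verify(b"Meet me at midnight. -- Alice", genuine, ALICE_PUB),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Only the signature made with Alice's own private key verifies under her public key; Mallory's signature verifies only under Mallory's public key, which is why Bob has to be sure the public key he checks against really belongs to Alice.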
