Security Basics mailing list archives
Re: Encryption question
From: Jamie Pratt <jamie () nucdc org>
Date: Wed, 25 Feb 2004 13:43:02 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hmmm.. I would think that this just won't work unless the "faked" public key has no passphrase, otherwise pgp/gpg can't generate the public key's signature, because the public key's passphrase is required to sign anything...? (Not to mention the fact that the sig is a bit different each time it's generated) regards, jamie Preston, Tony wrote: | | Tony Preston | Systems Engineer, AS&T Inc. | Division of L3 Corporation | (609) 485-0205 x 181 | | I have what is a rather basic question... I probably am missing something | so I thought I would ask here. | | Alice and Bob both have a public and private key. | | Alice encrypts her email to Bob using his public key. Sends the email and | Bob decrypts it using his keys.. | | Since both Bob and Alice's public keys are known, Why can't I take Alice's | public key and create a key pair using any other private key. Now, I fake | an electronic signature from Alice using the pair I created and send a bogus | encrypted message to Bob with my "fake" Alice signature. Bob checks the | signature by using the public key and it is valid. Bob assumes the message | is from Alice... | | What prevents me from spoofing someone's electronic signature this way? | | | |- ---------------------------------------------------------------------------
|- ----------------------------------------------------------------------------
| | | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) Comment: GPG/PGP Digital Signatures Increase Security For Everyone iD8DBQFAPOyqFnM/ewGVQ7IRAmqMAJ9pV/gK+wlUA8k+8pSO80R56Fmr+ACeLRU4 VLD2+RDwNdpEPNdKKXgh6+o= =PUFO -----END PGP SIGNATURE----- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Encryption question Preston, Tony (Feb 25)
- Re: Encryption question Lars Georg Paulsen (Feb 25)
- Re: Encryption question Hollis Johnson (Feb 26)
- Re: Encryption question Lars Georg Paulsen (Feb 26)
- Re: Encryption question Hollis Johnson (Feb 26)
- Re: Encryption question Jamie Pratt (Feb 25)
- RE: Encryption question Burton M. Strauss III (Feb 25)
- Re: Encryption question Aaron Keck (Feb 25)
- Re: Encryption question Theo Chaojareon (Feb 25)
- Re: Encryption question Raghu Chinthoju (Feb 27)
- <Possible follow-ups>
- RE: Encryption question Gene LeDuc (Feb 25)
- Re: Encryption question SERGIO OTERO (Feb 25)
- RE: Encryption question Jordan, Jason D. "Dallas" (Feb 25)
- RE: Encryption question Prasad S. Athawale (Feb 26)
- RE: Encryption question Hollis Johnson (Feb 26)
- Re: Encryption question Lars Georg Paulsen (Feb 25)