Security Basics mailing list archives

RE: integrity and mail encryption


From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 7 Nov 2005 08:44:51 -0800

  The sender attempting repudiation may base this on three
grounds only:

1.  The CA granted a key pair to somebody pretending to be me.

2.  The CA issued me a key pair, but also gave the private key
    to somebody else (or was compromised, allowing this to happen).

3.  I gave my private key to somebody else (or was compromised...).

  So integrity assumes that the CA and the keyholder have each
taken appropriate steps to ensure that the private key is available
only to the party identified on the certificate.  If that assumption
is violated, the PKI infrastructure is *broken*, and nonrepudiation
is not the only feature of PKI that becomes moot.

David Gillett


-----Original Message-----
From: Pranav Lal [mailto:pranav.lal () gmail com] 
Sent: Saturday, November 05, 2005 8:03 AM
To: security-basics () securityfocus com
Subject: RE: integrity and mail encryption

Hi Adrian,

How do you establish ownership of a private key? As others 
have said, you need a certifying authority to establish this, 
so a public key infrastructure by itself does not provide 
non-repudiation.

Pranav
On Friday 11/4/2005 02:40 PM, Adrian Floarea said:

In fact, the public key digital signature provides 
non-repudiation, which means that only the person who has 
the corresponding private key can make a digital signature. 
Briefly, the process is: you have a private key and a public 
key. The private key is secret. When you make a digital 
signature, first you make a hash of the electronic data and after 
that, you encrypt this hash with your private key. When 
someone wants to verify your signature, they make the hash 
of the data again, decrypt the original hash using your public key 
and after that, compare them. Because you are the only 
person who has the private key, you can't deny that you are 
the person who made the original digital signature.

Actually the process is much more complicated, but the essence is 
that what I explain bottom.

Regards,

Security Product Team Leader
Adrian Floarea, CISA
Information Security Department
Bucharest, Romania
Email: adrian.floarea () uti ro







-----Original Message-----
From: Pranav Lal [mailto:pranav.lal () gmail com]
Sent: Wednesday, November 02, 2005 11:21 PM
To: security-basics () securityfocus com
Subject: RE: integrity and mail encryption

Hi Bob,

How does public key encryption provide non-repudiation?


Pranav
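
Added example (not part of the original thread): the hash-then-sign and verify steps Adrian describes, followed by the case David lists as grounds 2 and 3, where a second party holding a copy of the private key produces a signature the verifier cannot tell apart. It assumes textbook RSA over two fixed Mersenne primes with no padding, chosen only so it runs with the Python standard library; the message and all names are constructed for illustration.

```python
import hashlib

# Assumption: textbook RSA, fixed small primes, no padding. This shows the
# data flow of sign/verify only; it is not a usable signature scheme.
P = 2**127 - 1                      # Mersenne prime
Q = 2**89 - 1                       # Mersenne prime
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (the secret)


def digest(message: bytes) -> int:
    """Hash the data and reduce the digest into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_exponent: int) -> int:
    """Signer: hash the data, then apply the private key to the hash."""
    return pow(digest(message), private_exponent, N)


def verify(message: bytes, signature: int) -> bool:
    """Verifier: recover the signed hash with the public key and compare
    it with a freshly computed hash of the received data."""
    return pow(signature, E, N) == digest(message)


def demo() -> dict:
    msg = b"Pay 100 EUR to Bob"     # constructed sample message
    sig = sign(msg, D)
    copied_key = D                  # grounds 2 and 3: someone else holds the key
    return {
        # The untouched message verifies against the public key.
        "valid": verify(msg, sig),
        # Any change to the data changes the hash, so verification fails.
        "tampered": verify(b"Pay 900 EUR to Bob", sig),
        # A signature made with a different exponent does not verify.
        "wrong_key": verify(msg, sign(msg, D + 2)),
        # A copy of the key yields the identical signature: verification
        # identifies the key, not the person who used it.
        "same_sig_from_copy": sign(msg, copied_key) == sig,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
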


