Penetration Testing mailing list archives

Re: Opening PKI encrypted with Public Key outside your Escrow Authority.

From: Enno Rey <erey () ernw de>
Date: Mon, 6 Mar 2006 21:31:31 +0000

Hi,

But If User () Acme com uses the Public Key from User () Beta com to encrypt.
Can I open this message using only the Keys I have Escrowed?


no, as you don't have the corresponding private key (the one of user () beta com).

 
btw: I believe your SOL without that other key as it's encrypted with
it. Am I right?


no, it's encrypted with the public key of user () beta com.
To decrypt it you would need the private key of user () beta com.
As beta.com company/users probably did _not_ hand over their private keys to you (for escrow)...

thanks,

Enno

Sbenson

DRM:
"In other words, embarrass and shackle the progress of improvements of
tomorrow by recording and registering as law the prejudices and errors
of today". - Isambard Kingdom Brunel



------------------------------------------------------------------------------
This List Sponsored by: Lancope

"Discover the Security Benefits of Cisco NetFlow"
Learn how Cisco NetFlow enables cost-effective security across distributed
enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA)
and Response solution, leverages Cisco NetFlow to provide scalable,
internal network security.
Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response
Systems in the Enterprise."

http://www.lancope.com/resource/
------------------------------------------------------------------------------


-- 
Enno Rey

ERNW Enno Rey Netzwerke GmbH - Zaehringerstr. 46 - 69115 Heidelberg
Tel. +49 6221 480390 - Fax 6221 419008 - Mobil +49 173 6745902
www.ernw.de - PGP 055F B3F3 FE9D 71DD C0D5  444E C611 033E 3296 1CC1 

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
As attacks through web applications continue to rise, you need to proactively 
protect your applications from hackers. Cenzic has the most comprehensive 
solutions to meet your application security penetration testing and 
vulnerability management needs. You have an option to go with a managed 
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). 
Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------

Current thread:

Opening PKI encrypted with Public Key outside your Escrow Authority. Benson, Sean M (Mar 06)
- Re: Opening PKI encrypted with Public Key outside your Escrow Authority. Enno Rey (Mar 07)
- RE: Opening PKI encrypted with Public Key outside your Escrow Authority. Adrian Floarea (Mar 07)
- Re: Opening PKI encrypted with Public Key outside your Escrow Authority. derez (Mar 07)
- <Possible follow-ups>
- RE: Opening PKI encrypted with Public Key outside your Escrow Authority. Benson, Sean M (Mar 07)