Asymmetric encryption

 
Ranch Hand
Posts: 39
John has a public/private key that has been signed by a trusted CA. Bill has a copy of John's public key. Bill sends John an encrypted jar file. John successfully decrypts it using his private key. Which of the following statements are true (choose 2):

a. The jar file may contain malicious code.
b. Bill has written the jar file.
c. The jar file may not have been signed with John's public key.
d. The code has not been modified in transit.

Correct answer according to Whizlab: A & D. In fact, in the explanation they say "scenario is somewhat misleading". Why the heck is it there then?

I don't see how D is correct. Since everyone will have access to John's public key, I could intercept Bill's message and put an entirely new message of my own and sign it using John's public key.

Comments Please!!

Yet another example of useless Whizlab. I have an exam on Monday and I am getting increasingly frustrated with this simulator. :-(
 
Ranch Hand
Posts: 135
a. The jar file may contain malicious code.
b. Bill has written the jar file.
c. The jar file may not have been signed with John's public key.
d. The code has not been modified in transit.

I think I will choose A and D too as the answer. C is definitely incorrect. A is true. The truth of B cannot be ascertained, so I consider B to be false too.

I agree with you that the Jar file can be totally replaced during transit, but it's not possible for you to modify the code in the Jar file without violating the public-private key contract. Thus the statement "The code has not been modified in transit." is true, if you think of it from that perspective.

Anyway, for practical reasons, you can consider signing and encrypting the Jar file to prevent most of the security considerations.

Just my 2cents. Cheers
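
An added illustration of the point debated in this thread (it is not part of either post, nor Whizlabs material): a clean decryption with John's private key only shows that someone used John's public key, while a signature checked against the sender's public key is what ties the payload to Bill. Bill's signing key pair and the short byte strings standing in for the jar are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.Cipher;

public class EncryptIsNotSign {
    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    static byte[] rsa(int mode, Key key, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance(OAEP);
        c.init(mode, key);
        return c.doFinal(in);
    }

    static byte[] sign(PrivateKey key, byte[] data) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair john = gen.generateKeyPair(); // recipient from the question
        KeyPair bill = gen.generateKeyPair(); // assumption: Bill also owns a signing key pair

        // Constructed stand-ins for jar bytes; a real jar would need hybrid encryption.
        byte[] fromBill = "jar bytes from Bill".getBytes(StandardCharsets.UTF_8);
        byte[] replaced = "jar bytes from someone else".getBytes(StandardCharsets.UTF_8);
        byte[] billSig = sign(bill.getPrivate(), fromBill);

        // Producing either ciphertext needs only John's PUBLIC key.
        byte[] got1 = rsa(Cipher.DECRYPT_MODE, john.getPrivate(),
                          rsa(Cipher.ENCRYPT_MODE, john.getPublic(), fromBill));
        byte[] got2 = rsa(Cipher.DECRYPT_MODE, john.getPrivate(),
                          rsa(Cipher.ENCRYPT_MODE, john.getPublic(), replaced));

        System.out.println("decrypted 1: " + new String(got1, StandardCharsets.UTF_8));
        System.out.println("decrypted 2: " + new String(got2, StandardCharsets.UTF_8));
        System.out.println("signature valid for 1: " + verify(bill.getPublic(), got1, billSig));
        System.out.println("signature valid for 2: " + verify(bill.getPublic(), got2, billSig));
    }
}
```

Both payloads decrypt without error, so successful decryption alone cannot distinguish them; only the signature check against Bill's public key does.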
 