• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Asymmetric encryption

 
Jeff Belisle
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
John has a public/private key that has been signed by a trusted CA. Bill has a copy of John's public key. Bill sends John an encrypted jar file. John successfully decrypts it using his private key. Which of the following stmts are true (choose 2):

a. The jar file may ontain malicious code.
b. Bill has written the jar file.
c. The jar file may not have been signed with John's public key.
d. The code not has been modified in transit.

Correct ans according to Whizlab: A & D. In fact in explanation they say "scenario is somewhat misleading". Why the heck is it there then.

I don't see how D is correct. Since every one will have access to John's public key, I could intercept bill's message and put an entirely new message of my own and sign it using John's public key.

Comments Please!!

Yet another example of useless Whizlab. I have an exam on Monday and I am getting increasingly frustraded with this simulator. :-(
 
Eddy Lee Sin Ti
Ranch Hand
Posts: 135
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
a. The jar file may ontain malicious code.
b. Bill has written the jar file.
c. The jar file may not have been signed with John's public key.
d. The code not has been modified in transit.

I think I will choose A and D too as the answer. C is definitely incorrect. A is true. The truth of B cannot be ascertained, so I consider B to be false too.

I agreed with you that the Jar file can be totally replaced during transit but it's not possible for you to modify the code in the Jar file without violating the public-private key contract. Thus the statement "The code not has been modified in transit." is true, if you think it in that perspective.

Anyway, for practical reason, you can consider to sign and encrypt the Jar file to prevent most of the security considerations.

Just my 2cents. Cheers
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic