Forum:

Web Services Certification (OCEJWSD)

security

Greenhorn

Posts: 6

posted 11 years ago

hi,
there are 2 questions and 4 answers below.
i think 1 & 4 are the correct ans for Qa & Qb both.
but i saw different ans somewhere. 2 & 3 for Qb.
can someone clarify, please?

rabi
--
Qa)What are true for using PKI in XML encryption?
Qb)wt are true about digital signature?

1-The sender uses a public key of receiver to encrypt the data
2-The sender uses its own private key to encrypt the data
3-The receiver uses a public key of the sender to decrypt the data
4-The receiver uses its own private key to decrypt the data

Yaron Naveh

Greenhorn

Posts: 24

posted 11 years ago

For Qa 1&4 are correct

For Qb 2&3 are correct

I think the way Qb is phrased is misleading somehow but technically 2&3 are correct.

[url]http://webservices20.blogspot.com/[/url]
Web Services Performance, Interoperability And Testing Blog

Rabi Mohapatra

Greenhorn

Posts: 6

posted 11 years ago

but what is the diff between a & b? i did not understand the diff. can you explain please?

Yaron Naveh

Greenhorn

Posts: 24

posted 11 years ago

One's public key is known to everybody but his private only to him,

Everybody should be able to encrypt a message and only one person should be able to decrypt it. So everybody will use the receiver public key to encrypt and he will use his key to decrypt (only he should be able to do it).

A signature proves someones identity. With signature only the sender should be able to sign (so others will not be able to impersonate her). Since only she knows here private key she will use it for signing. Everybody should be able to authenticate the signature. So they use the public key which is the only one they know.

[url]http://webservices20.blogspot.com/[/url]
Web Services Performance, Interoperability And Testing Blog

Rabi Mohapatra

Greenhorn

Posts: 6

posted 11 years ago

thanks for explaining!!

Another quick question:
for JSE deployment, the directory name for the myService.wsdl file should be in lower case(wsdl), correct?

Yaron Naveh

Greenhorn

Posts: 24

posted 11 years ago

I'm not sure about that, I suggest you will open a new thread

[url]http://webservices20.blogspot.com/[/url]
Web Services Performance, Interoperability And Testing Blog

Dan Drillich

Ranch Hand

Posts: 1183

posted 11 years ago

Digital signature which leads to Public-key cryptography says on the right side -

In a signature scheme the private key is needed to sign a message; but anyone can check the signature using the public key. Validity depends on private key security.

It means that for Qb 2 & 3 are correct.

However, I'm not sure why above it, it says -

In an encryption scheme anyone can encrypt using the public key, but only the holder of the private key can decrypt. Security depends on the secrecy of the private key.

Any thoughts?

Regards,
Dan

William Butler Yeats: All life is a preparation for something that probably will never happen. Unless you make it happen.

Balaji Loganathan

author and deputy

Posts: 3150

posted 11 years ago

Hi All,
I am moving this thread to Web Services Certification (SCDJWS) forum as its fits pretty well there.
Regards
Balaji D Loganathan

Spritle Software Blogs

Yaron Naveh

Greenhorn

Posts: 24

posted 11 years ago

Dan

What is exactly your question? I think this sentence correctly describe the encryption process.

[url]http://webservices20.blogspot.com/[/url]
Web Services Performance, Interoperability And Testing Blog

Dan Drillich

Ranch Hand

Posts: 1183

posted 11 years ago

Thank you Yaron - I think I got it now.

William Butler Yeats: All life is a preparation for something that probably will never happen. Unless you make it happen.

If you live in a cold climate and on the grid, incandescent light can use less energy than LED. Tiny ad:

Devious Experiments for a Truly Passive Greenhouse!

https://www.kickstarter.com/projects/paulwheaton/greenhouse-1