security
Rabi Mohapatra
Greenhorn
Posts: 6
posted 8 years ago
hi,
there are 2 questions and 4 answers below.
i think 1 & 4 are the correct ans for Qa & Qb both.
but i saw different ans somewhere. 2 & 3 for Qb.
can someone clarify, please?
rabi
--
Qa)What are true for using PKI in XML encryption?
Qb)wt are true about digital signature?
1-The sender uses a public key of receiver to encrypt the data
2-The sender uses its own private key to encrypt the data
3-The receiver uses a public key of the sender to decrypt the data
4-The receiver uses its own private key to decrypt the data
there are 2 questions and 4 answers below.
i think 1 & 4 are the correct ans for Qa & Qb both.
but i saw different ans somewhere. 2 & 3 for Qb.
can someone clarify, please?
rabi
--
Qa)What are true for using PKI in XML encryption?
Qb)wt are true about digital signature?
1-The sender uses a public key of receiver to encrypt the data
2-The sender uses its own private key to encrypt the data
3-The receiver uses a public key of the sender to decrypt the data
4-The receiver uses its own private key to decrypt the data
Yaron Naveh
Greenhorn
Posts: 24
Rabi Mohapatra
Greenhorn
Posts: 6
Yaron Naveh
Greenhorn
Posts: 24
posted 8 years ago
One's public key is known to everybody but his private only to him,
Everybody should be able to encrypt a message and only one person should be able to decrypt it. So everybody will use the receiver public key to encrypt and he will use his key to decrypt (only he should be able to do it).
A signature proves someones identity. With signature only the sender should be able to sign (so others will not be able to impersonate her). Since only she knows here private key she will use it for signing. Everybody should be able to authenticate the signature. So they use the public key which is the only one they know.
Everybody should be able to encrypt a message and only one person should be able to decrypt it. So everybody will use the receiver public key to encrypt and he will use his key to decrypt (only he should be able to do it).
A signature proves someones identity. With signature only the sender should be able to sign (so others will not be able to impersonate her). Since only she knows here private key she will use it for signing. Everybody should be able to authenticate the signature. So they use the public key which is the only one they know.
[url]http://webservices20.blogspot.com/[/url]
Web Services Performance, Interoperability And Testing Blog
Rabi Mohapatra
Greenhorn
Posts: 6
Yaron Naveh
Greenhorn
Posts: 24
posted 8 years ago
I'm not sure about that, I suggest you will open a new thread
[url]http://webservices20.blogspot.com/[/url]
Web Services Performance, Interoperability And Testing Blog
Dan Drillich
Ranch Hand
Posts: 1183
posted 8 years ago
Digital signature which leads to Public-key cryptography says on the right side -
It means that for Qb 2 & 3 are correct.
However, I'm not sure why above it, it says -
Any thoughts?
Regards,
Dan
In a signature scheme the private key is needed to sign a message; but anyone can check the signature using the public key. Validity depends on private key security.
It means that for Qb 2 & 3 are correct.
However, I'm not sure why above it, it says -
In an encryption scheme anyone can encrypt using the public key, but only the holder of the private key can decrypt. Security depends on the secrecy of the private key.
Any thoughts?
Regards,
Dan
William Butler Yeats: All life is a preparation for something that probably will never happen. Unless you make it happen.
Balaji Loganathan
author and deputy
Bartender
Bartender
Posts: 3150
Yaron Naveh
Greenhorn
Posts: 24
| It is sorta covered in the JavaRanch Style Guide. |