• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

security

 
Rabi Mohapatra
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,
there are 2 questions and 4 answers below.
i think 1 & 4 are the correct ans for Qa & Qb both.
but i saw different ans somewhere. 2 & 3 for Qb.
can someone clarify, please?

rabi
--
Qa)What are true for using PKI in XML encryption?
Qb)wt are true about digital signature?

1-The sender uses a public key of receiver to encrypt the data
2-The sender uses its own private key to encrypt the data
3-The receiver uses a public key of the sender to decrypt the data
4-The receiver uses its own private key to decrypt the data
 
Yaron Naveh
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For Qa 1&4 are correct

For Qb 2&3 are correct

I think the way Qb is phrased is misleading somehow but technically 2&3 are correct.
 
Rabi Mohapatra
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
but what is the diff between a & b? i did not understand the diff. can you explain please?
 
Yaron Naveh
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
One's public key is known to everybody but his private only to him,

Everybody should be able to encrypt a message and only one person should be able to decrypt it. So everybody will use the receiver public key to encrypt and he will use his key to decrypt (only he should be able to do it).

A signature proves someones identity. With signature only the sender should be able to sign (so others will not be able to impersonate her). Since only she knows here private key she will use it for signing. Everybody should be able to authenticate the signature. So they use the public key which is the only one they know.
 
Rabi Mohapatra
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks for explaining!!

Another quick question:
for JSE deployment, the directory name for the myService.wsdl file should be in lower case(wsdl), correct?
 
Yaron Naveh
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm not sure about that, I suggest you will open a new thread
 
Dan Drillich
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Digital signature which leads to Public-key cryptography says on the right side -
In a signature scheme the private key is needed to sign a message; but anyone can check the signature using the public key. Validity depends on private key security.


It means that for Qb 2 & 3 are correct.

However, I'm not sure why above it, it says -

In an encryption scheme anyone can encrypt using the public key, but only the holder of the private key can decrypt. Security depends on the secrecy of the private key.


Any thoughts?

Regards,
Dan


 
Balaji Loganathan
author and deputy
Bartender
Posts: 3150
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
I am moving this thread to Web Services Certification (SCDJWS) forum as its fits pretty well there.
Regards
Balaji D Loganathan
 
Yaron Naveh
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dan

What is exactly your question? I think this sentence correctly describe the encryption process.
 
Dan Drillich
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you Yaron - I think I got it now.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic