Digital Signatures
One of the questions on the second practice exam (35 questions) referred to digital signatures. "Digital signatures for email messages are encrypted hash values that digitally sign the email to verify the sender. What is the signing part of the process?" The correct answer was "a. Encrypting the message with someone's private key" and the explanation was "The actual 'signing' of the message means that it was encrypted with someone's private key."
I thought that you could sign a message without encrypting it? Another option was "Hashing the message with the system's private key", although this didn't seem exactly right because in some cases you use your own private key.
Anyway, I am unclear about this.
Comments
-
Webmaster Admin Posts: 10,292
The second practice exam is written by our distinguished moderator RussS, so maybe it'd be better if he explains it. If your text is a copy-and-paste from our test engine, I think it is the missing word 'digest' that causes the confusion. When signing a message, it is not the message that is encrypted with the sender's private key but the message 'digest' (the hash value). This is done to ensure integrity of both the sender and the message itself. I'll have a closer look at the question later.
I described the process in more detail here:
www.techexams.net/technotes/securityplus/emailsecurity.shtml
-
RussS Member Posts: 2,068
Hmmmm - I better investigate that myself after I finish work today.
www.supercross.com
FIM website of the year 2007
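The digest-signing step described in Webmaster's reply, as an added example that is not part of the original thread: the private key is applied to the SHA-256 digest only, so the message body stays readable and anyone holding the public key can check it. The function names and the toy key (textbook RSA without padding, built from two well-known Mersenne primes) are assumptions made for illustration.

```python
import hashlib

# Toy key for illustration only (assumption): textbook RSA, no padding,
# built from two well-known Mersenne primes. Real signatures use random
# primes and a padding scheme such as PSS from a vetted library.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """SHA-256 message digest as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Apply the private key to the digest only; the message is untouched."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Recover the digest with the public key and compare to a fresh hash."""
    return pow(signature, E, N) == digest(message)


def signed_email(body: bytes) -> dict:
    """A signed mail carries the body in the clear plus the signature."""
    return {"body": body, "signature": sign(body)}


if __name__ == "__main__":
    mail = signed_email(b"Meet at 10:00 in room 4.")  # constructed sample
    print(mail["body"].decode())                      # body is still readable
    print(verify(mail["body"], mail["signature"]))    # untouched message
    print(verify(b"Meet at 11:00 in room 4.", mail["signature"]))  # altered
```

Confidentiality is a separate step: encrypting the body for the recipient would use the recipient's public key, not the sender's private key.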