1 question regarding digitally signing an email
WangMichael
Member Posts: 9
in Security+
The original question:
Which of the following is used to digitally sign an email?
A. Private Key
B. Public Key
C. Sender's IP
D. Sender's MAC address
Officially the answer is A.
But my understanding is the sender uses the public key to encrypt the mail and the receiver uses the private key to decrypt the email, therefore the answer is B?
Can someone please explain this to me? Many thanks!
Comments
EdTheLad Member Posts: 2,111
Don't confuse encryption with signatures. When encrypting, the sender uses the public key and the receiver uses the private key. The signature, however, is used to prove the sender's authenticity; to do this the sender uses his private key.
A signature is created by first performing a hash of the original message and then encrypting this hash; the result is a signature that is attached to the message. When the receiver decrypts the signature using the public key it gets the hash. The receiver can then perform a hash on the original message and compare the generated hash to the received hash. If both hashes match, the message has not been altered, and authenticity and integrity from the sender have been proved.
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
samurai86 Member Posts: 104
EdTheLad is correct. One other thing I would like to mention is you need to understand what the question is asking.
Confidentiality Scenario
If I am the sender and you are the receiver and I want to ensure confidentiality, I will encrypt the message with your public key, so that you are the only one (hopefully) who can decrypt the message with your private key. However, there is no authenticity that I am the sender, nor is there non-repudiation.
Authenticity/Integrity/Non-Repudiation Scenario
If I am the sender and you are the receiver and I want to ensure that you know with certainty that the message is from me, I will hash the message and encrypt the hash with my private key. Now when you receive my message you use my public key to decrypt the hash value, and you hash the message. If all is well the hashes will match.
So in any question try to determine what exactly the question is asking.
Bachelor's of Applied Science in Technology Management - Information Security Assurance (St. Petersburg College)
Masters of Science in Digital Forensics (University of Central Florida)