Digital Certificates
wrathrow11
Can Digital Certificates be copied, and used to become someone else?
E.g. Eve copied Alice's digital certificate and used it to send email to Bob, so that Bob will think the email came from Alice.
Comments
haltok
According to the Sybex book:
"The digital signature is derived from a hash process that is only known to the originator." So I suppose if you knew the hash process then yes??
s3nt3nc3
Alice can share her digital certificate safely to provide, for example, a secure channel with Tom, or Bob, or Sam...
Eve can't sign any mail with the cert of Alice because she doesn't know the Private Key of Alice (....I hope).
This is the process of signing a mail to Bob:
Alice:
-Compute the hashing value of message (md5 or sha-1)
-Encrypt the hash with Private Key (...sorry Eve)
-Associate the encrypted hash with message
Bob:
-Decrypt the hash with Public Key of Alice
-Compute the hash value of message (with the same alg. used by Alice)
-Compare the hashes to verify the sender is really Alice
Ciao
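The sign-and-verify steps listed in the post above, as an added example that is not part of the original thread: Eve holds a byte-for-byte copy of Alice's certificate but not Alice's private key, so anything she signs fails Bob's check. Assumptions: textbook RSA without padding, toy keys built from fixed Mersenne primes, SHA-256 instead of the MD5/SHA-1 named in the post, and a certificate reduced to a subject plus public key; real mail signing uses padded signatures and CA-issued certificates.

```python
import hashlib

E = 65537  # conventional public exponent


def make_keypair(p, q):
    """Build a textbook-RSA (public, private) pair from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent, never published
    return (n, E), (n, d)


def digest(message, n):
    """SHA-256 of the message as an integer, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private):
    """Alice's side: hash the message, then transform the hash with the private key."""
    n, d = private
    return pow(digest(message, n), d, n)


def verify(message, signature, certificate):
    """Bob's side: recover the hash with the public key and compare with his own hash."""
    n, e = certificate["public_key"]
    return pow(signature, e, n) == digest(message, n)


# Constructed toy keys (far too small for real use).
alice_pub, alice_priv = make_keypair(2**107 - 1, 2**127 - 1)
eve_pub, eve_priv = make_keypair(2**61 - 1, 2**89 - 1)

# The certificate carries only public data, so copying it is trivial.
alice_cert = {"subject": "Alice", "public_key": alice_pub}
eve_copy = dict(alice_cert)


def demo():
    mail = b"Bob, lunch at noon. Alice"
    genuine = sign(mail, alice_priv)
    forged = sign(mail, eve_priv)  # Eve can only sign with her own private key
    return {
        "genuine": verify(mail, genuine, alice_cert),
        "forged_with_eves_key": verify(mail, forged, eve_copy),
        "altered_body": verify(b"Bob, lunch at one. Alice", genuine, alice_cert),
    }
```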
Sartan
Before the days of certificate authorities, transmissions still began unencrypted. The first few packets of a transaction contained an unencrypted session key, which could then be copied and hashed. If you ran a packet sniffer continuously on a network you might be able to grab a key like that. However, if you use IPSec policies you won't have to worry about it. Most important to the entire certificate process is an authority qualified to handle all transactions. Qualified No, they can't be copied.
The key at the bottom of the email (not in text) is the public key, not the private key. The data should be nice and safe. Just make sure your certificates don't get stolen or your authority hacked.
tahjzhuan
We used to keep our private keys on Fortezza cards, and if the card was lost or stolen, the certificate was put on a certificate revocation list (CRL). This made the card useless even if someone found the PIN to the Fortezza card.
You can store the keys on a common access card (CAC), Fortezza card, or a floppy. It all depends on the cost you're willing to pay and the amount of security you're looking to implement.
To make a short story long, never say never.
The certificate should be accompanied by a strong password or PIN just in case it does fall into the wrong hands.
*disclaimer*
I'm not sure if this helps any; I'm just trying to keep it fresh in my mind.