Options

Question about Digitally Signed Data

Mmartin_47Mmartin_47 Member Posts: 430
in Planning Network Infra 70-293
I was reading the book on page 11-3 and it states that "if you want to send someone a message and have them be absolutely sure that it came from you, you can digitally sing it by using your private key to encrypt all or part of the data. Anyone receiving the message can then decrypt the encoded data by using your public key"

Question is the statement saying that there are 2 public keys between each client? I'm confused when it says using YOUR public key. Or is there 1 public key?
· Share on FacebookShare on Twitter

Comments

  • Options
    Nishesh.PrasadNishesh.Prasad Member Posts: 185
    When using a key pair, the Logic behind Public Keys are that they are 'Publicly' available to Trusted parties ... having said that, the public key can also be transferred during the initial security negotiation that takes place while, lets say, Client A attempts to connect to Client B. Thus, there can be only 1 Public key corresponding to 1 Private key for any entity. Hence, when we say 'your' public key ... we mean 'Your' public key corresponding to 'Your' private key. Therefore, when you transmit a message encrypted with your Private Key .... the other party would be able to read it only after decrypting it & to do that it needs 'Your' public key.

    cheers.
    MCITP: EA 2008| VCP4| MCSE 2003 | CCNA | MCSA 2003: Security | MCDST | Security+ | ITILV3
    · Share on FacebookShare on Twitter
  • Options
    Mmartin_47Mmartin_47 Member Posts: 430
    Ah ok. Thanks for clearing that up! One more question. I just finished the lesson about digital certificates and was wondering where are the private keys stored? I know they should be stored in a safe place.
    · Share on FacebookShare on Twitter
  • Options
    Nishesh.PrasadNishesh.Prasad Member Posts: 185
    The archived version of the Private Key pair is stored in the CA Database - normally the Root. The key can be retrieved from the CA Database ONLY by a Certificate Manager which is in an encrypted PKCS #7 file format. Mind you, the key can only be 'retrieved' in the encrypted format but cannot be decrypted by the Certificate Manager. The CM then forwards the PKCS #7 file encrypted with the KRA's public key to KRA [Key Recovery Agent] who can first decrypt the encrypted PKCS #7 file using his own Private key and then decrypt the PKCS #7 file using the KRA Certificate onto a PKCS # 12 file which is the User's Private Key. This PKCS #12 file is then sent to the original user encrypted with a Secret Key for the User to decrypt it on the Other end.

    cheers. :)
    MCITP: EA 2008| VCP4| MCSE 2003 | CCNA | MCSA 2003: Security | MCDST | Security+ | ITILV3
    · Share on FacebookShare on Twitter
  • Options
    MishraMishra Member Posts: 2,468 ■■■■□□□□□□
    C:\Documents and Settings\%username%\Application Data\Microsoft\Crypto\RSA
    My blog http://www.calegp.com

    You may learn something!
    · Share on FacebookShare on Twitter
Sign In or Register to comment.