  1. Junior Member
    Join Date
    Nov 2013
    Posts
    8
    #1

    1 question regarding digitally signing an email

    The original question:

    Which of the following is used to digitally sign an email?

    A. Private Key  B. Public Key  C. Sender's IP  D. Sender's MAC address

    Officially the answer is A.

    But my understanding is the sender uses the public key to encrypt the mail and the receiver uses the private key to decrypt the email, therefore the answer is B?

    Can someone please explain to me? Many thanks!

  3. Resident Underachiever EdTheLad
    Join Date
    May 2005
    Location
    Globe trotter, nfa
    Posts
    2,116

    Certifications
    CCNP/CCIP/IE Written
    #2
    Don't confuse encryption with signatures. When encrypting, the sender uses the public key and the receiver uses the private key. The signature, however, is used to prove the sender's authenticity; to do this the sender uses his private key.
    A signature is created by first performing a hash of the original message and then encrypting this hash; the result is a signature that is attached to the message. When the receiver decrypts the signature using the public key it gets the hash. The receiver can then perform a hash on the original message and compare the generated hash to the received hash. If both hashes match, the message has not been altered, and authenticity and integrity from the sender have been proved.
    Last edited by EdTheLad; 11-05-2013 at 11:56 PM.
    Networking, sometimes I love it, mostly I hate it. It's all about the $$$$

  4. Senior Member
    Join Date
    Jul 2008
    Location
    Tampa, FL
    Posts
    104

    Certifications
    A+, Security+, Cloud+, CCENT, GCIH, CISSP
    #3
    EdTheLad is correct. One other thing I would like to mention is you need to understand what the question is asking.

    Confidentiality Scenario

    If I am the sender and you are the receiver and I want to ensure confidentiality, I will encrypt the message with your public key, so that you are the only one (hopefully) who can decrypt the message with your private key. However, there is no authenticity that I am the sender, nor is there non-repudiation.

    Authenticity/Integrity/Non-Repudiation Scenario

    If I am the sender and you are the receiver and I want to ensure that you know with certainty that the message is from me, I will hash the message and encrypt the hash with my private key. Now when you receive my message you use my public key to decrypt the hash value, and you hash the message. If all is well the hashes will match.

    So in any question, try to determine what exactly the question is asking.
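Added example (not part of any poster's reply): the confidentiality and signature scenarios from replies #2 and #3, written as textbook RSA using only the Python standard library. The keys are constructed toy values and the function names are illustrative; real mail signing such as S/MIME or OpenPGP uses padded signature schemes and much larger keys.

```python
import hashlib

E = 65537  # common public exponent

def make_keypair(p, q):
    """Textbook RSA key from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (n, E), (n, d)

def digest_int(message, n):
    """SHA-256 of the message as an integer, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    """Sender: hash the message, then transform the hash with the PRIVATE key."""
    n, d = private_key
    return pow(digest_int(message, n), d, n)

def verify(message, signature, public_key):
    """Receiver: recover the hash with the sender's PUBLIC key and compare."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message, n)

def encrypt(plaintext, public_key):
    """Confidentiality: anyone encrypts with the RECEIVER's public key."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for toy modulus")
    return pow(m, e, n)

def decrypt(ciphertext, private_key):
    """Only the receiver's PRIVATE key recovers the plaintext."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed toy keys built from Mersenne primes (far too small for real use).
SENDER_PUB, SENDER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    mail = b"Meet at 10:00"  # constructed sample message
    sig = sign(mail, SENDER_PRIV)
    print("valid signature:", verify(mail, sig, SENDER_PUB))
    print("tampered mail:  ", verify(b"Meet at 11:00", sig, SENDER_PUB))
    print("decrypted:      ", decrypt(encrypt(mail, RECEIVER_PUB), RECEIVER_PRIV))
```

Signing needs only the sender's key pair, while encryption needs only the receiver's, which is why the exam answer for "digitally sign" is the private key.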

  5. Junior Member
    Join Date
    Nov 2013
    Posts
    8
    #4
    Hi Samura

    Thanks for the explanation, now I understand.
