On 2018-04-04 at 17:34, Charles Mills wrote:
>> IBM signs the hash (in fact they sign the whole serverpac)
> I think the "whole serverpac" is effectively signed -- but the way that is done
> is to sign the hash. There are security advantages too long a digression for this reply.
>> If you really want to encrypt the content (i.e. DVD files) then you have to make
>> your pair of PRIVATE/PUBLIC keys. Yes, the customer has to do it and ask IBM to
>> use his public key
> Yep, that is the process that certificates and the TLS protocol automate. TLS
> does not do anything for you in terms of encryption that you could not do on
> your own -- but worst case doing it without TLS would require your sending a
> courier with a briefcase containing a secret key locked to his wrist to IBM,
> and IBM maintaining a secret key for each customer. TLS automates that process,
> securely.
NO!
Asymmetric crypto is the solution for secret key exchange. There is no
longer any need to exchange the keys using a briefcase.
I keep my private key secret and my public key is really public. You
do the same with your key pair. Now I can encrypt (but NOT DECRYPT) some
data using your public key and only the private key holder can decrypt it
(you). And vice versa - you can encrypt some data using my public key.
In case of doubt about who is on the other end of the wire (am I using YOUR key or
someone else's key?) certificates can be used.
Note: asymmetric cryptography is very CPU-consuming, approx. 1000 times
more than symmetric. That's why people (protocols) tend to use
asymmetric crypto to exchange a small portion of data - the key, a symmetric
one. After that both parties share their own unique, disposable key for
bulk data exchange.
--
Radoslaw Skorupka
Lodz, Poland