So from what I gathered reading the responses:
- I should use the word "sign" instead of encryption, when encrypting using Private Key to encrypt the checksum. That is a good suggestion.
The other question I have is - Should I send the digital signature as a separate message, or should I take the checksum of the data, attach it to the end of the data and then encrypt the whole thing using the sender's private key?
Thanks. Sarah
From: Rich Salz <[EMAIL PROTECTED]>
To: Sarah Haff <[EMAIL PROTECTED]>
CC: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: Re: diagram explaining encryption using openssl
Date: Sat, 20 Sep 2003 12:39:49 -0400 (EDT)
If your messages are longer than the size of an AES or 3DES key, you're less efficient. If they're ever going to be longer, you're stuck. :)
> That is what I'm showing in the diagram? Or is my diagram wrong? The only difference is I am using MD5.
MD5 should be avoided except where it has to be used for legacy apps.
Your message digest was encrypted by the recipient's key, not the sender's. Did I read your diagram wrong? If not, then why keep the digest private? Is sender authentication handled somewhere else? What is to stop an adversary from replacing the digest? Etc.
> I will take a look at the commands, and read the RFC. Is there something specific I should be looking for?
General knowledge.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
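
Added example, not part of the original thread: a shell sketch of the point raised above about an adversary replacing the digest, comparing an unkeyed digest with a detached signature made with the sender's private key. It assumes the `openssl` command-line tool is installed; the message text, file names and throwaway key pair are constructed for the example, and SHA-256 is used in place of MD5.

```shell
#!/usr/bin/env bash
# Added example: constructed message and throwaway keys, nothing from the thread.
set -u

work=$(mktemp -d)            # scratch directory for keys and messages

# Sender key pair. The private key signs; the public key is what recipients hold.
make_sender_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$work/sender.key" 2>/dev/null
    openssl pkey -in "$work/sender.key" -pubout -out "$work/sender.pub"
}

# Unkeyed digest: anyone who can change the message can recompute it.
bare_digest() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# Returns 0 when the message matches the digest that travelled with it.
check_bare_digest() { [ "$(bare_digest "$1")" = "$(cat "$2")" ]; }

# Detached signature: SHA-256 of the message, signed with the sender's private key.
sign_detached() { openssl dgst -sha256 -sign "$work/sender.key" -out "$2" "$1"; }

# Returns 0 only if the sender's key signed this exact message.
verify_detached() {
    openssl dgst -sha256 -verify "$work/sender.pub" -signature "$2" "$1" \
        >/dev/null 2>&1
}

make_sender_keys
printf 'pay 100 to alice\n' > "$work/msg.txt"          # constructed sample message
bare_digest "$work/msg.txt" > "$work/msg.sha256"
sign_detached "$work/msg.txt" "$work/msg.sig"

# In transit the message is altered and the digest is recomputed to match.
printf 'pay 900 to bob\n' > "$work/tampered.txt"
bare_digest "$work/tampered.txt" > "$work/tampered.sha256"

check_bare_digest "$work/tampered.txt" "$work/tampered.sha256" \
    && echo "bare digest: altered message accepted"
verify_detached "$work/msg.txt" "$work/msg.sig" \
    && echo "signature: original message verified"
verify_detached "$work/tampered.txt" "$work/msg.sig" \
    || echo "signature: altered message rejected"
```

Encrypting the bare digest to the recipient's public key would not change the first result, because anyone who holds that public key can produce the same ciphertext for a digest of their own.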