Painter, Philip wrote:

I don't think you're wrong there Alok. The E(KDE)PUBK is
a random DES key taken as _data_ and encrypted asymmetrically
with the recipient's public key. Only the recipient will be
able to decrypt it, with her private key.


What do you mean by encrypted asymmetrically?
The only DES I know is reversible (as per Bruce Schneier too :) )

The whole concept is not "public and private key" but "session key" which has to be "only known by sender and receiver" ..as far as I thought.
I may be wrong though.



Philip Painter Hewlett-Packard Company 07747456508 http://ecardfile.com/id/PhilipPainter


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alok
Sent: 23 September 2004 16:25
To: [EMAIL PROTECTED]
Subject: Re: signedandenveoped + encryption from commandline




Not at all, there's no man in the middle issue at all because the certificates which are issued by a trusted TP g'tee the ownership of the public key.

The logic goes like this:

You generate a random DES key known only to you. Let's call this KDE

You use this to encrypt the data. Let's call this E(Data)KDE.

You encrypt KDE under the recipient's Public Key which you know to be his because it is certified by a CA. Let's call this E(KDE)PUBK. You send E(Data)KDE and E(KDE)PUBK to the recipient.



...over a secure channel?

If not, E(KDE)PUBK is nothing but DES using key=pubk and data = kde. Are you saying DES is a 1 way hash function? AFAIK it is not, so if u know pubk, u can get kde too.





The only person who can decrypt KDE is the recipient as they are the only person who has the private key that goes with their public key. The recipient decrypts E(KDE)PUBK, using their private key, thus retrieving KDE, this can in turn be used to decrypt E(Data)KDE.

No possibility of a MIM attack because you get the recipient's PUBK from a certificate digitally signed by the CA's private key, and the validity of this can be checked using the CA's certificate.

Now of course if we didn't have certificates, then this all falls apart.

Get yourself a copy of Bruce Schneier's "Applied Cryptography" (ISBN
0-471-11709-9) and read it.



good idea :)

-thanks!




______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
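The envelope scheme discussed in this thread, as an added example that is not part of the original messages: a random symmetric key (KDE) encrypts the data, and KDE itself is encrypted with the recipient's RSA public key, so only the private key can recover it. AES-256-CBC stands in for DES here, and the function names and file names are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example of the envelope flow; AES-256-CBC stands in for DES.
# File names (priv.pem, pub.pem, data.enc, kde.enc, iv.hex) are constructed.

# Recipient: create an RSA key pair in directory $1; only pub.pem is shared.
keygen() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/priv.pem" 2>/dev/null &&
    openssl pkey -in "$1/priv.pem" -pubout -out "$1/pub.pem"
}

# Sender: seal message $2 for the owner of $1/pub.pem.
seal() {
    kde=$(openssl rand -hex 32) || return 1          # random one-time key (KDE)
    openssl rand -hex 16 > "$1/iv.hex" || return 1   # the IV is not secret
    # E(Data)KDE: symmetric encryption of the data under KDE
    printf '%s' "$2" | openssl enc -aes-256-cbc -K "$kde" \
        -iv "$(cat "$1/iv.hex")" -out "$1/data.enc" || return 1
    # E(KDE)PUBK: KDE treated as data, RSA-OAEP encrypted to the public key
    printf '%s' "$kde" | openssl pkeyutl -encrypt -pubin -inkey "$1/pub.pem" \
        -pkeyopt rsa_padding_mode:oaep -out "$1/kde.enc"
}

# Recipient: unwrap KDE with key file $2, then decrypt the data to stdout.
open_envelope() {
    kde=$(openssl pkeyutl -decrypt -inkey "$2" \
        -pkeyopt rsa_padding_mode:oaep -in "$1/kde.enc" 2>/dev/null) || return 1
    openssl enc -d -aes-256-cbc -K "$kde" -iv "$(cat "$1/iv.hex")" \
        -in "$1/data.enc"
}

# Demo with a constructed message.
demo_dir=$(mktemp -d)
keygen "$demo_dir" && seal "$demo_dir" "constructed test message"
echo "private key: $(open_envelope "$demo_dir" "$demo_dir/priv.pem")"
open_envelope "$demo_dir" "$demo_dir/pub.pem" ||
    echo "public key: cannot unwrap KDE"
rm -rf "$demo_dir"
```

The sketch leaves out the signing half of signedAndEnveloped, so the ciphertext it produces is confidential but not authenticated.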






