On May 18, 2005, at 2:45 PM, Miles Bradford wrote:

> My question on top of that was - "How could someone intercept an encrypted
> message and get to the information inside the certificate without corrupting
> the encryption that the data is wrapped in - since once the perpetrator
> learned who you are - who cares that that data was encrypted or not at this
> point. The whole point of encryption is to keep people out - correct?

Certificates aren't encrypted. They're used to establish the encryption in the first place.

> I am trying to understand someone else's writing "could not" be a problem
> if someone intercepts a certificate. I have a problem with the first part
> to start with. How can an encryption be intercepted, undone and the data
> inside gotten to, then rewrapped in encryption and then passed on. I don't
> understand encryption working like that. I totally agree with you and David
> - in that you cannot cheat the encryption.

There's no such thing as 'intercepting' a certificate. You'll notice that this message has a certificate attached. You can't 'intercept' it because I'm not intending to prevent you from receiving it. In fact, I'm intending that you *do* receive it.

Now that you have my certificate, you can create a message encrypted such that only I can read it -- since only I have the private key needed to decrypt it. The mirror image of public key encryption is digital signature. I sign with my private key, and the public key verifies the signature -- that the signer must be holding the private key.

A certificate is an assertion of identity of a keyholder. Mine says "The key used to sign this message belongs to [EMAIL PROTECTED]" It makes no guarantees about my personal identity (e.g. my real name) but from it you can conclude that the message was sent by the owner of this mailbox and wasn't forged by someone else. Should you believe what my certificate says? Well, it was signed by Thawte, so if you trust them, then yes.

Once you trust my certificate, you can use it for encrypting messages to me.

I hope this helps.

Josh

--
Joshua Juran
Metamage Software Creations - Mac Software and Consulting
http://www.metamage.com/

               * Creation at the highest state of the art *



Attachment: smime.p7s
Description: S/MIME cryptographic signature
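
The roles described in the message above, as an added example that is not part of the original post: a certificate travels in the clear, a CA signature binds a mailbox to a public key, and only the private-key holder can sign or decrypt. It uses textbook RSA on small constructed keys (no padding, not secure); the mailbox name, helper names and keys are all assumptions made for illustration.

```python
import hashlib

# Textbook RSA on small constructed keys (Mersenne primes): no padding, NOT
# secure, illustration only. All names and values below are constructed.
E = 65537

def make_key(p, q):                   # returns (public, private) = ((n, e), (n, d))
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):              # only the private-key holder can do this
    n, d = private
    return pow(digest(data, n), d, n)

def verify(public, data, signature):  # anyone holding the public key can check
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def tbs(subject, public):             # the bytes the CA signs: subject + key
    return f"{subject}|{public[0]}|{public[1]}".encode()

def issue_cert(ca_private, subject, public):
    return {"subject": subject, "public": public,
            "issuer_sig": sign(ca_private, tbs(subject, public))}

def cert_is_trusted(ca_public, cert):
    return verify(ca_public, tbs(cert["subject"], cert["public"]), cert["issuer_sig"])

CA_PUB, CA_PRIV = make_key(2**61 - 1, 2**89 - 1)        # stands in for the CA
USER_PUB, USER_PRIV = make_key(2**107 - 1, 2**127 - 1)  # the mailbox owner
EVE_PUB, EVE_PRIV = make_key(2**19 - 1, 2**31 - 1)      # an eavesdropper's own key

def demo():
    cert = issue_cert(CA_PRIV, "owner@example.test", USER_PUB)  # sent in the clear
    body = b"signed mail body"
    sig = sign(USER_PRIV, body)
    secret = int.from_bytes(b"constructed-session-key", "big")
    wrapped = pow(secret, E, cert["public"][0])    # encrypt to the certificate's key
    swapped = dict(cert, public=EVE_PUB)           # same cert with the key replaced
    return {
        "cert_trusted": cert_is_trusted(CA_PUB, cert),
        "signature_ok": verify(cert["public"], body, sig),
        "altered_body_ok": verify(cert["public"], body + b"!", sig),
        "swapped_cert_trusted": cert_is_trusted(CA_PUB, swapped),
        "owner_reads": pow(wrapped, USER_PRIV[1], USER_PRIV[0]) == secret,
        "eve_reads": pow(wrapped, EVE_PRIV[1], EVE_PRIV[0]) == secret,
    }
```

Everything `demo()` hands to the recipient (certificate, body, signature, wrapped secret) is also visible to an eavesdropper, yet only the first two checks and `owner_reads` come out true.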
