Hi Darshana,
It is correct that nobody else but the server can decrypt the encrypted
symmetric key. But the problem is, if client didn't use a pre shared key,
somebody else in the middle can intercept the message, read the content
(only the symmetric key used for signing is encrypted, not the cont
Hi Lahiru,
When it comes to public key and private key cryptography it is asymmetric
key cryptography. After the client encrypts a symmetric key if it was
intercepted by a third party there is no way to decrypt it without the
servers public key and hence the content cannot be accessed and altered
Good explanation Chamila. Thanks.
I guess its better if this was mentioned in the above diagram so anyone can
understand how this actually provides security. At least it can be
mentioned that there is a handshaking mechanism between client and the
server to share a secret symmetric key, prior to
The symmetric key is shared between the trusted parties using the
asymmetric key. The encryption is done with the recipient’s public key, so
it is not possible for someone in the middle to decrypt the symmetric key
information without the server's private key. The server's private key
should be sec
Hi Dushan,
I thought the symmetric key used by client is not a pre shared key because
description says "using a symmetric key *derived by client*", which implies
that the key is generated at the time the client needs to send the message
to the server. If the symmetric key is pre shared as you desc
Hi
Read description of again,
what it says
signed using symmetric key then encrypt using service public key, so
server end only way to verify now decrypt message using service private
key, and validate signature with symmetric key.
Now validating integrity : symmetric key is shared only
Hi All,
Following is the diagram given by ESB about how it provides integrity for a
service. (Securing a service using basic scenario No. 3)
[image: Inline image 1]
According to the diagram, client uses a generated symmetric key to sign the
message, encrypts the used key using server's public k
