Encryption question

From: Preston, Tony (Tony.Preston_at_acs-inc.com)
Date: 02/24/04

  • Next message: Day, David: "RE: weird"
    To: security-basics@securityfocus.com
    Date: Tue, 24 Feb 2004 13:01:29 -0600

    Tony Preston
    Systems Engineer, AS&T Inc.
    Division of L3 Corporation
    (609) 485-0205 x 181

    I have what is a rather basic question... I probably am missing something
    so I thought I would ask here.

    Alice and Bob both have a public and private key.

    Alice encrypts her email to Bob using his public key. Sends the email and
    Bob decrypts it using his keys..

    Since both Bob and Alice's public keys are known, Why can't I take Alice's
    public key and create a key pair using any other private key. Now, I fake
    an electronic signature from Alice using the pair I created and send a bogus
    encrypted message to Bob with my "fake" Alice signature. Bob checks the
    signature by using the public key and it is valid. Bob assumes the message
    is from Alice...

    What prevents me from spoofing someone's electronic signature this way?


  • Next message: Day, David: "RE: weird"

    Relevant Pages

    • Re: Searchindexer -- for whose benefit?
      ... If the OTP is a 32 Gb MicroSD card, they can exchange a pair of email ... How does the recipient know he has your correct public key? ... Lets call you Alice, and the other guy Bob. ...
    • Re: Simple authenticated channel
      ... protocols (in this case, I assume Bob uses a DH keypair), followed by ... It is assumed Alice already has an authetic copy of Bob's public key. ... The attacker therefore does not hold k, ...
    • Re: PGP Lame question
      ... i think that given Q and Bob's public key, ... Q can be linked as encrypted to Bob ... can verify that Alice signed something somehow connected to Bob? ... Alice encrypts M with R and gets an output, ...
    • Practical improvement of DH-ElGamal scheme
      ... Improving DH-ElGamal public key encryption scheme can be done in ... For person Alice: ... Linking between 2 persons (Alice and Bob): ... Attacking this encryption scheme: ...
    • Re: GPG
      ... In a practical sense, only Bob may decrypt ... Alice on the way to Bob and prevent it from reaching Bob. ... Alice may encrypt the message with Bob's public key, ... the others) before issuing their certificates. ...