Re: Encryption question

• Previous message: Aaron Keck: "Re: Encryption question"
• In reply to: Preston, Tony: "Encryption question"
• Next in thread: Jordan, Jason D. \: "RE: Encryption question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 25 Feb 2004 12:41:35 -0500
To: "Preston, Tony" <Tony.Preston@acs-inc.com>

Hey Tony,

The reason is because ONLY Alice's private key can decrypt something
encrypted by Alice's public key, and vice versa, only her public key can
decrypt something encrypted by her private key. For this reason you
can't make an arbitrary pair and say they are a key set.

> Alice and Bob both have a public and private key.
>
> Alice encrypts her email to Bob using his public key. Sends the email and
> Bob decrypts it using his keys..
>
> Since both Bob and Alice's public keys are known, Why can't I take Alice's
> public key and create a key pair using any other private key. Now, I fake
> an electronic signature from Alice using the pair I created and send a bogus
> encrypted message to Bob with my "fake" Alice signature. Bob checks the
> signature by using the public key and it is valid. Bob assumes the message
> is from Alice...
>
> What prevents me from spoofing someone's electronic signature this way?

T

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: Aaron Keck: "Re: Encryption question"
• In reply to: Preston, Tony: "Encryption question"
• Next in thread: Jordan, Jason D. \: "RE: Encryption question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]