Answer Posted / ramkumar
Suppose Alice wants to find Bob's public key. There are
several possible ways of doing this. She could call him up
and ask him to send his public key via e-mail. She could
request it via e-mail, exchange it in person, as well as
many other ways. Since the public key is public knowledge,
there is no need to encrypt it while transferring it,
though one should verify the authenticity of a public key.
A mischievous third party could intercept the transmission,
replace Bob's key with his or her own and thereby be able
intercept and decrypt messages that are sent from Alice to
Bob and encrypted using the ``fake'' public key. For this
reason one should personally verify the key (for example,
this can be done by computing a hash of the key and
verifying it with Bob over the phone) or rely on certifying
authorities (see Question 4.1.3.12 for more information on
certifying authorities). Certifying authorities may provide
directory services; if Bob works for company Z, Alice could
look in the directory kept by Z's certifying authority.
Today, full-fledged directories are emerging, serving as on-
line white or yellow pages. Along with ITU-T X.509
standards (see Question 5.3.2), most directories contain
certificates as well as public keys; the presence of
certificates lower the directories' security needs.
Is This Answer Correct ? | 0 Yes | 0 No |
Post New Answer View All Answers
What is probabilistic encryption?
What is an algorithm?
what is pretty good privacy?
What are the ecb and cbc modes?
How Encoding is different from Encryption?
What are some other public key cryptosystems ?
How to change the location of the Kryptel (Silver Key) program group?
How to I prevent other users from using Kryptel (Silver Key)?
What is multiple encryption?
Do encrypted files contain password in some form?
How is an s-box value of AES can be modified? How is it done?
What are knapsack cryptosystems?
What is merkles tree signature scheme?
What is are "proprietary" and "public" cryptographic algorithms?
Do digital signatures help detect altered documents and transmission errors?