• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Is this Right regarding PKI

 
Rinku Singh
Ranch Hand
Posts: 31
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
[PKI refers to a set of security services for authentication, encryption and digital certificate management under which documents are
encrypted with a private key and decrypted using a publicly available key accessible to the recipient via a network.

I have read somewhere that documents are encrypted using public key and decrypted using private key ??

I am looking if somebody clear the clouds .......thanks in advance ....
 
Rinku Singh
Ranch Hand
Posts: 31
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Come on guys its just a simple question .Please help me out ??
 
Rinku Singh
Ranch Hand
Posts: 31
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
 
Xia Lee
Greenhorn
Posts: 19
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Digital Signatures use private key for encryption and public key for decryption . Thats what I am aware of !

Not sure about public key encryption and private key decryption.
 
Rinku Singh
Ranch Hand
Posts: 31
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for clearing my confusion !!
I will go with it ...
 
Amit Ghorpade
Bartender
Posts: 2851
10
Fedora Firefox Browser Java
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Rinku first take a look at this .
Any user has two keys associated with him one public key and another is private.
The terms themselves are self explanatory, the public key is made available to all those who wish to communicate confidential information to the user. And the user is in charge of his private key.
Now both the keys share a relation that anything encrypted with the public key can only be decrypted with the private key. In addition, although the keys share a mathematical relation, its nearly impossible to derive the private key using the public one.
More on public key cryptography here . More on PKI here.

Hope this helps
 
Rinku Singh
Ranch Hand
Posts: 31
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Amit for responding ..

But I am more confused now ... it may be because I did not understand what you mentioned .Are you stating that :

In PKI ...documents are encrypted with a public key and decrypted using a private key .

I went through the links but may be I am stupid ...
 
Xia Lee
Greenhorn
Posts: 19
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Rinku,

Read question no. 12 & 13 from this link "http://java.sun.com/developer/Quizzes/misc/jwsa.html" . May be it will help you.
 
Rinku Singh
Ranch Hand
Posts: 31
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks a lot Lee ..
Just to be on same page ... we are saying Amit was right and that's what is there in Question 12& 13 :

In words:

Sender will send a message (encrypted using public key) , it will also send its private key in Signature to reciever .


Receiver on the other hand will decrypt the message using the sender's private key ..


Please confirm ..
 
Amit G Piplani
Ranch Hand
Posts: 83
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Private key is never send across to anyone.

Receiver will verify the message using the sender's public key(although it is not necessary to send sender's public key again in SOAP message as KeyInfo node itself is optional).
 
Rinku Singh
Ranch Hand
Posts: 31
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Amit Ji,

Are you saying that :

Q.XML Digital Signature specification is used to:Include a signature using the senders private key in the XML

is wrong ??
 
Rinku Singh
Ranch Hand
Posts: 31
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think I got the solution :Just want to share with everyone:

A. In CASE of XML Encryption:

1)Sender uses public key of the reciever to encrypt the message.
2)Reciever uses corresponding private key to decrypt the message.In this situation private key is not transferred as the reciever owns the private key.

B. In CASE of XML Signature:

1)Sender uses its own private key to digitally sign the message to be sent.
2) The receiver uses sender's public key to verify the digital Signature.


A very good explanation is giving here :
http://www-128.ibm.com/developerworks/xml/library/x-seclay1/
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic