aspose file tools*
The moose likes Web Services Certification (SCDJWS/OCEJWSD) and the fly likes security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Certification » Web Services Certification (SCDJWS/OCEJWSD)
Bookmark "security" Watch "security" New topic
Author

security

Rabi Mohapatra
Greenhorn

Joined: Dec 26, 2008
Posts: 6
hi,
there are 2 questions and 4 answers below.
i think 1 & 4 are the correct ans for Qa & Qb both.
but i saw different ans somewhere. 2 & 3 for Qb.
can someone clarify, please?

rabi
--
Qa)What are true for using PKI in XML encryption?
Qb)wt are true about digital signature?

1-The sender uses a public key of receiver to encrypt the data
2-The sender uses its own private key to encrypt the data
3-The receiver uses a public key of the sender to decrypt the data
4-The receiver uses its own private key to decrypt the data
Yaron Naveh
Greenhorn

Joined: Oct 26, 2008
Posts: 24
For Qa 1&4 are correct

For Qb 2&3 are correct

I think the way Qb is phrased is misleading somehow but technically 2&3 are correct.


[url]http://webservices20.blogspot.com/[/url]
Web Services Performance, Interoperability And Testing Blog
Rabi Mohapatra
Greenhorn

Joined: Dec 26, 2008
Posts: 6
but what is the diff between a & b? i did not understand the diff. can you explain please?
Yaron Naveh
Greenhorn

Joined: Oct 26, 2008
Posts: 24
One's public key is known to everybody but his private only to him,

Everybody should be able to encrypt a message and only one person should be able to decrypt it. So everybody will use the receiver public key to encrypt and he will use his key to decrypt (only he should be able to do it).

A signature proves someones identity. With signature only the sender should be able to sign (so others will not be able to impersonate her). Since only she knows here private key she will use it for signing. Everybody should be able to authenticate the signature. So they use the public key which is the only one they know.
Rabi Mohapatra
Greenhorn

Joined: Dec 26, 2008
Posts: 6
thanks for explaining!!

Another quick question:
for JSE deployment, the directory name for the myService.wsdl file should be in lower case(wsdl), correct?
Yaron Naveh
Greenhorn

Joined: Oct 26, 2008
Posts: 24
I'm not sure about that, I suggest you will open a new thread
Dan Drillich
Ranch Hand

Joined: Jul 09, 2001
Posts: 1164
Digital signature which leads to Public-key cryptography says on the right side -
In a signature scheme the private key is needed to sign a message; but anyone can check the signature using the public key. Validity depends on private key security.


It means that for Qb 2 & 3 are correct.

However, I'm not sure why above it, it says -

In an encryption scheme anyone can encrypt using the public key, but only the holder of the private key can decrypt. Security depends on the secrecy of the private key.


Any thoughts?

Regards,
Dan



William Butler Yeats: All life is a preparation for something that probably will never happen. Unless you make it happen.
Balaji Loganathan
author and deputy
Bartender

Joined: Jul 13, 2001
Posts: 3150
Hi All,
I am moving this thread to Web Services Certification (SCDJWS) forum as its fits pretty well there.
Regards
Balaji D Loganathan


Spritle Software Blogs
Yaron Naveh
Greenhorn

Joined: Oct 26, 2008
Posts: 24
Dan

What is exactly your question? I think this sentence correctly describe the encryption process.
Dan Drillich
Ranch Hand

Joined: Jul 09, 2001
Posts: 1164
Thank you Yaron - I think I got it now.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: security
 
Similar Threads
Help required to solve two drag and drop questions
Tread synchronized
need help abt 64 encoder/decoder
Is this Right regarding PKI
Do you encrypt password yourselves?