--- Alok <[EMAIL PROTECTED]> a écrit :
> El hallabi-Kettani Abderrahmane wrote:
>
> > --- Alok <[EMAIL PROTECTED]> a écrit :
> >
> >
> >>I think there is a reason why you cant encrypt a
> >>message without 1st
> >>signing it using smime
> >>
> >>By your logic, any preshared "key" would do the
> >>trick , why bother with
> >>the cert ?
> >>(in other words, hiscert or mycert, if all you are
> >>doing is using it as
> >>a key to some encoder, why bother with certs)??
> >>
> >>
> >
> >the utility of the certificat is to avoid the
> middle
> >men attack, so you have a public key(encryption)
> >certified .
> >the use of the smime is compulsory if we want to
> have
> >a PKCS7 format, for example Signed and envelopped
> data
> >.
> >
> formatting data apart,
> say I am sending him an smime email
>
> i 1st sign it, then attach my cert, then encrypt
> with mycert /hiscert
>
> if that is indeed what I am doing then both
> "hiscert" and "mycert" is
> public knowledge right? it is "public cert"?
>
> So any man in the middle would be able to get the
> data if he either
> knows "mycert" or "hiscert",which is our pub cert
> and hence everyone
> would know it correct?
Why you sign the data?
you sign it to ensure integrity (Hash) "can't be
changed", and to authenticate the sender(owner of the
private key) .
the encryption is to ensure the confidentiality
"invisible from a third part" .
The certificate is sent by a trust third party
"certification Authority, CA" to certify the public
key
from being intercepted, then to avoid a middle men
attack from having the public key in stage 1, and the
pair (pub_key,priv_key) in stage 2 of the middle men
attack.
there are 2 stages of the middle men attack.
there is another attack wich concerns the CA, that is
why we have created what we called trust certificate .
Abdou,
Vous manquez d’espace pour stocker vos mails ?
Yahoo! Mail vous offre GRATUITEMENT 100 Mo !
Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/
Le nouveau Yahoo! Messenger est arrivé ! Découvrez toutes les nouveautés pour
dialoguer instantanément avec vos amis. A télécharger gratuitement sur
http://fr.messenger.yahoo.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
