I don't think you're wrong there Alok. The E(KDE)PUBK is a random DES key taken as _data_ and encrypted asymmetrically with the recipient's public key. Only the recipient will be able to decrypt it, with her private key.

Philip Painter
Hewlett-Packard Company
07747456508
http://ecardfile.com/id/PhilipPainter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alok
Sent: 23 September 2004 16:25
To: [EMAIL PROTECTED]
Subject: Re: signedandenveoped + encryption from commandline

>
>
>Not at all, there's no man in the middle issue at all because the
>certificates which are issued by a trusted TP g'tee the ownership of
>the public key.
>
>The logic goes like this:
>
>You generate a random DES key known only to you. Let's call this KDE
>
>You use this to encrypt the data. Let's call this E(Data)KDE.
>
>You encrypt KDE under the recipient's Public Key which you know to be
>his because it is certified by a CA. Let's call this E(KDE)PUBK. You
>send E(Data)KDE and E(KDE)PUBK to the recipient.
>

...over a secure channel?
if not E(KDE)PUBK is nothing but DES using key=pubk and data = kde
are you saying DES is a 1 way hash function? AFAIK it is not, so if u know pubk, u can get kde too.

>
>The only person who can decrypt KDE is the recipient as they are the
>only person who has the private key that goes with their public key.
>The recipient decrypts E(KDE)PUBK, using their private key, thus
>retrieving KDE, this can in turn be used to decrypt E(Data)KDE.
>
>No possibility of a MIM attack because you get the recipient's PUBK from
>a certificate digitally signed by the CA's private key, and the
>validity of this can be checked using the CA's certificate.
>
>Now of course if we didn't have certificates, then this all falls
>apart.
>
>Get yourself a copy of Bruce Schneier's "Applied Cryptography" (ISBN
>0-471-11709-9) and read it.
>

good idea :)

-thanks!
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
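
The envelope steps discussed in this thread, as an added example that is not part of the original messages: the random key is the data fed to a public-key encryption, and only the private key unwraps it. AES-256-CBC stands in for DES and RSA-OAEP for the public-key step; the function names, file names and sample message are constructed, and signing is left out.

```shell
#!/bin/sh
# Added example: digital envelope with the openssl CLI. File names are made up;
# AES-256-CBC and RSA-OAEP are substitutions for the thread's DES/public-key steps.

# seal PUBKEY INFILE DIR: writes DIR/data.enc, DIR/key.enc and DIR/iv
seal() (
  kde=$(openssl rand -hex 32) || exit 1   # KDE: random key known only to sender
  iv=$(openssl rand -hex 16) || exit 1
  # E(Data)KDE: the bulk data under the symmetric key
  openssl enc -aes-256-cbc -K "$kde" -iv "$iv" -in "$2" -out "$3/data.enc" || exit 1
  # E(KDE)PUBK: KDE is the *input data* of an RSA encryption, not a cipher key
  printf '%s' "$kde" | openssl pkeyutl -encrypt -pubin -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -out "$3/key.enc" || exit 1
  printf '%s' "$iv" > "$3/iv"             # the IV is not secret
)

# unseal PRIVKEY DIR OUTFILE: recipient unwraps KDE, then decrypts the data
unseal() (
  kde=$(openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
    -in "$2/key.enc") || exit 1
  openssl enc -d -aes-256-cbc -K "$kde" -iv "$(cat "$2/iv")" \
    -in "$2/data.enc" -out "$3"
)

# pub_can_unwrap PUBKEY DIR: succeeds only if the public key alone yields KDE
pub_can_unwrap() {
  openssl pkeyutl -decrypt -pubin -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
    -in "$2/key.enc" >/dev/null 2>&1
}

demo() (
  d=$(mktemp -d) || exit 1
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$d/recipient.key" 2>/dev/null || exit 1
  openssl pkey -in "$d/recipient.key" -pubout -out "$d/recipient.pub" || exit 1
  printf 'constructed sample message\n' > "$d/msg.txt"
  seal "$d/recipient.pub" "$d/msg.txt" "$d" || exit 1
  unseal "$d/recipient.key" "$d" "$d/msg.out" || exit 1
  cmp -s "$d/msg.txt" "$d/msg.out" && echo "private key: data recovered"
  pub_can_unwrap "$d/recipient.pub" "$d" || echo "public key only: KDE not recovered"
  rm -rf "$d"
)
demo
```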