RE: integrity and mail encryption

[Pranav Lal <pranav.lal () gmail com>]

Hi Adrian,

How do you establish ownership of a private key? As others have said 
you need a certifying authority to establish this so a public key 
infra-structure by itself does not provide non-repudiation.

Pranav
on Friday 11/4/2005 02:40 PM, Adrian Floarea said:

In fact the public key digital signature provide non-repudiation 
which means
that only the person which has the corresponding private key can make 
a
digital signature. Shortly, the process is: you have a private key 
and a
public key. The private key is secret. When you make a digital 
signature,
first you make a hash of electronic data and after that, you encrypt 
this
hash with your private key. When someone wants to verify your 
signature,
make again the hash on the data, decrypt the original hash using your 
public
key and after that, compare them. Because, you are the only person 
which has
the private key, you can't deny that you are the person who make the
original digital signature.

Actually the process is much complicated, but the essence is that 
what I
explain bottom.

Regards,

Security Product Team Leader
Adrian Floarea, CISA
Information Security Department
Bucharest, Romania
Email: adrian.floarea () uti ro







-----Original Message-----
From: Pranav Lal [mailto:pranav.lal () gmail com]
Sent: Wednesday, November 02, 2005 11:21 PM
To: security-basics () securityfocus com
Subject: RE: integrity and mail encryption

Hi Bob,

How does public key encryption provide                  non-repudiation


Pranav