----- Original Message -----
From: "Mitch Amiano" <mitch.amiano@agilemarkup.com>
...
> But encryption alone is insufficient. One reason is that someone might
> well encrypt another file and substitute it for your original encrypted
> package. With a signature, both you and the receiver can perform a
> subsequent test that the signature and file still match up. Of course, if
> the signature is also with the original data, and that's your only copy,
> then someone could replace the signature too. Even if not, you or the
> receiver could conceivably maliciously replace both the file and the
> signature, thus creating an uncertainty about whose copy is authentic.

That's where public key cryptography comes in. You sign it using your
private key in such a way that the third party can't do without the private
key. Third parties can authenticate your signature using your public key.

Depending on context, you may need a way for a third-party to validate your
public key is really yours and not one made up by someone pretending to be
you. That may involve public key infrastructures, or a courier rider
providing you with a floppy disk!

HTH,

Pete.
--
=============================================
Pete Cordell
Tech-Know-Ware Ltd
for XML to C++ data binding visit
http://www.tech-know-ware.com/lmx
(or http://www.xml2cpp.com)
=============================================