[JDEV] Signed & encrypted messages
Max Horn
max at quendi.de
Mon Jun 4 11:52:56 CDT 2001
At 8:50 -0500 04.06.2001, Dustin Puryear wrote:
>Michael Brown wrote:
>> > >property would be up to clients. Since there may be more than
>> > >one certificate (for each different algorithm) we can't really
>> > >put them all into a user's vcard, since that would be too big.
>> >
>> > I agree. I'd prefer if vCards would stay small. But maybe vCards
>> > should be signable? So we can verify they are real ;)
>>
>> Can someone explain this to me? I'm no crypto expert, so maybe I'm missing
>> something...
>
>Are you asking about the "signable" remark? If so Max is simply talking
>about a signature, which ensures the integrity of the vCard. Normally, a
>hashing algorithm such as SHA-1 or MD5 is used for this purpose. Of
>course, passing a vCard in plaintext with a signature attached might not
>be as great a solution as it first sounds. How do we know both the vCard
>and signature weren't modified?
The only way is to sign the vCard with a key, and this key (which
very well could be part of the vCard or not, that doesn't matter)
must be signed by some trusted third party (e.g. a CA).
>> email they send? (Is a PGP Signature the same as what we are talking about
>> here?) My Lotus Notes file is only 4.7K, and it has quite a few x.509
>
>A PGP signature is similar in that it ensures integrity, but PGP uses a
>different technique to deliver this guarantee.
Yeah.
Max
--
-----------------------------------------------
Max Horn
C++/ObjC/Java Developer
email: <mailto:max at quendi.de>
phone: (+49) 6151-494890
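
Added example, not part of the original message or of any Jabber code: it contrasts the two checks discussed above, a bare digest attached to a vCard versus a vCard signed with a key that a trusted third party has itself signed. The toy textbook-RSA keys, the JID, the vCard contents and all function names are assumptions constructed for the demonstration.

```python
import hashlib

E = 65537  # public exponent

def make_key(p, q):
    # Toy textbook RSA from Mersenne primes: constructed for this demo and
    # trivially factorable. Real code uses a vetted library and padded signatures.
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(_h(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == _h(data, n)

def attach_digest(vcard):
    # Unkeyed hash: anyone who can change the vCard can recompute it.
    return hashlib.sha1(vcard).hexdigest()

def hash_check(vcard, digest):
    return attach_digest(vcard) == digest

def cert_body(jid, user_n):
    # What the trusted third party signs: the binding of identity to public key.
    return jid.encode() + b"|" + str(user_n).encode()

def verify_signed_vcard(ca_n, jid, user_n, cert_sig, vcard, vcard_sig):
    # The receiver trusts only ca_n; everything else arrives over the wire.
    key_ok = verify(ca_n, cert_body(jid, user_n), cert_sig)
    return key_ok and verify(user_n, vcard, vcard_sig)

# Constructed sample data (hypothetical JID and keys)
CA = make_key(2**127 - 1, 2**521 - 1)
USER = make_key(2**107 - 1, 2**607 - 1)
OTHER = make_key(2**89 - 1, 2**1279 - 1)   # a key the CA never vouched for
JID = "alice@example.org"
VCARD = b"BEGIN:VCARD\nFN:Alice Example\nEMAIL:alice@example.org\nEND:VCARD\n"
TAMPERED = VCARD.replace(b"alice@example.org", b"someone@example.net")
CERT_SIG = sign(CA, cert_body(JID, USER["n"]))
VCARD_SIG = sign(USER, VCARD)

if __name__ == "__main__":
    print("digest only, both replaced:", hash_check(TAMPERED, attach_digest(TAMPERED)))
    print("signed, untouched:", verify_signed_vcard(CA["n"], JID, USER["n"], CERT_SIG, VCARD, VCARD_SIG))
    print("signed, vCard altered:", verify_signed_vcard(CA["n"], JID, USER["n"], CERT_SIG, TAMPERED, VCARD_SIG))
    print("altered, re-signed with unvouched key:",
          verify_signed_vcard(CA["n"], JID, OTHER["n"], CERT_SIG, TAMPERED, sign(OTHER, TAMPERED)))
```

Only the first check accepts the altered vCard; the other two altered cases fail because either the vCard signature or the third party's signature over the key no longer verifies.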