I do the same!

Thanks. Please share.

Thanks

Thanks

Thanks and Welcome.

Thanks.

sir can I get some implementation details of same....I want to implement it in java.

You may check my slides and code snippets available at: pkiindia.in/Download_Presentation_Servlet?id=ppt16

Thank You so much Sir ....

Thanks!

Thanks

Alice signing the message and encrypting the message with receiver's public key is the right way to do. If it is done the other way, then it would be possible for an attacker to strip Alice signature and add his/hers, which will remove the authenticity of the message, and it also means that the receiver can't be sure whether the message has indeed originated from Alice.

You don't have to approach any one. The signer's public key (embedded in a digital certificate) comes with his/her digitally signed document. So you can use that key to verify the document's integrity. Then you can see whether you are able to trust the signer(issuer) of the digital certificate, typically the Certification Authority.

First the digital signature has to be generated for the message and then encrypted. It cannot be the other way - the reason is that when you send a message which is first encrypted and then signed - an attacker can remove the signature and probably attach his signature - and the receiver may assume that the message has originated from the attacker, rather than from the original sender. (there are few more points also, but they are supplementary). Yes, the message and signature are attached together and sent to the receiver. However, if you look at a signed message / document - let us say a signed XML, Doc or PDF document there is a clear demarcation between the message and the digital signature - so there will be a clear separation between the message and its digital signature despite it being an integrated message or document.

Thank you for the explanation!

Thanks. Here we are referring to 'Non-repudiation' as the inability to disown the key pair. For instance, let us assume that in absence of CA (Certifying Authority) - you and me have mutually agreed upon our individual public keys. Now upon receipt of a particular digitally signed message from me, you act on it, and later I may disown sending you that message - by saying that I am no longer using those pair of keys or someone might have misused my keys and sent it. So this can be overcome by having a common authority (Certifying Authority) whom we both can trust, wherein we both have an obligation to report about change of keys or loss of keys. In this way, CAs have a role in ensuring Non-repudiation. Additionally as you mentioned CAs are also responsible for verification of the authenticity of an entity, before the issue of Certificate.

Even, "...Upon successful verification (preferably by meeting in person or by phone)" does not assure you that you are meeting the genuine person. All security checks performed by a CA is a more assured way of verifying authenticity. Once the Digital Signature certificate is issued, the sender cannot repudiate a transaction.

First part in your reply - "does not assure you that you are meeting the genuine person" - that's the reason why PKI needs the support of Policy & Laws - for example - CA's have the right to revoke certificate if they find an impersonation and even initiate a criminal action against the offender under the laws of the country. Second Part of your reply - "Once the DSC is issued, the sender cannot repudiate a transaction" - as long as the DSC remains valid - and the DSC's validity is controlled by the CA. Therefore CA's play a key role in ensuring non-repudiation