Let web server W have its own pair of public and private keys (K^+_W, K^-_W). We

Question

Let web server W have its own pair of public and private keys (K^+_W, K^-_W). Web browser B trusts K^+_W for W (according to W's certificate). B does not own any public and private key pairs, however. Is it possible for B to send confidential messages to W1 If so, how? If not, why? Is it possible for W to send messages with integrity preservation to B? If so, how? If not, why? Is it possible for W to send confidential messages to B ? If so, how? If not, why? Is it possible for B to authenticate itself to W? If so, how? If not, why?

Explanation / Answer

a) Yes, B can send conifdential messages to W by encrypting the messages with public key of W. W can then decrypt the messages by using his private key.

b) Yes. W can sign a message with his private key. Since B has access to W's public key, B can check whether the data is authentic or not.

c) No, W can not send confidential messages to B because anyone can decrypt the W's messages using W's public key. To send confidetial messages, W must have access to B's public key

d) No, B can not autheticate itself to W. To do so, B would require to sign some data using his private key. Since B does not have any private key, he can not authenticate itself.

Related Questions

Navigate

• Browse (All)
• Browse L
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.