When dealing with Asymmetric cryptographic algorithms, usually the sender of the
Question
When dealing with asymmetric cryptographic algorithms, usually the sender of the critical data asks the listener for a public key for encrypting the data and sending it. This is while the private key remains known only to the listener, so that it can decrypt the data. The problem in this scenario is that the eavesdropper can eavesdrop on the public key and send "falsified" data to the listener. At an abstract level, I know that this problem can be solved by making use of DSA to authorize the parties.
In the Microsoft .NET Framework, with the DSACryptoServiceProvider, very much like RSA, I see that DSA is also an asymmetric algorithm consisting of a public and a private key. And I assumed that with different keys I will come up with different signatures for the same data. So I also assume that I have to send the public key to the sender of the data for the purpose of verification (the padlock concept). But in this case it will not work, for the reason I explained.
My question is, how do I have to use DSA to assure that the stream is coming from the authorized party?
Explanation / Answer
If I'm understanding things correctly, you want to make sure that the public key you receive actually belongs to the person you want to communicate with.
Thus you want to avoid MITM attacks, which is not easy. The standard (TLS/S/MIME/...) solution would be to create a certificate signed by someone you trust to assure you that the particular public key belongs to the entity you expect.
Another solution would be to exchange some data over a second (trusted) channel containing a hash of the public key, assuring you that the key belongs to this person. It is sufficient to do this once for the lifetime of a key.
The last method of defense I'm aware of is identity-based systems or implicitly-signed systems. This is highly complex, and I'd rather go with certificates at large scale and with a second channel at small scale.
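The second-channel approach from the answer, as an added example that is not part of the original post: the listener learns a short SHA-256 fingerprint of the sender's public key over a channel the attacker cannot rewrite, and afterwards accepts a key that arrives over the network only if it hashes to that pin, then checks the signature under it. It is written in Go with the standard library's ECDSA (the elliptic-curve variant of DSA) standing in for .NET's DSACryptoServiceProvider; the function names (Fingerprint, Sign, VerifyPinned, Scenario), the hex fingerprint format and the sample payloads are my choices for illustration, not anything from the original page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

// Sentinel errors so the listener can tell the two failure modes apart.
var (
	ErrUntrustedKey = errors.New("public key does not match the fingerprint received out of band")
	ErrBadSignature = errors.New("signature does not verify under the pinned key")
)

// must panics on error; key generation or DER encoding failing here means a
// broken platform, not an input condition worth recovering from.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Fingerprint returns the SHA-256 hash (lowercase hex) of the DER/PKIX encoding
// of a public key. This is the short value carried over the second, trusted
// channel; it needs to be exchanged once per key.
func Fingerprint(pub *ecdsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:]), nil
}

// Sign hashes msg with SHA-256 and returns an ASN.1 DER-encoded ECDSA signature.
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// VerifyPinned is the listener's side. receivedDER is the public key that came
// over the untrusted network, pinned the fingerprint from the trusted channel.
// The signature is only checked under a key the pin vouches for: verifying
// under an unpinned key would let an attacker "prove" anything with a key pair
// of their own, which is exactly the falsified-data problem in the question.
func VerifyPinned(receivedDER []byte, pinned string, msg, sig []byte) error {
	sum := sha256.Sum256(receivedDER)
	got := hex.EncodeToString(sum[:])
	// Constant-time compare so the check does not leak where a mismatch is.
	if subtle.ConstantTimeCompare([]byte(got), []byte(pinned)) != 1 {
		return ErrUntrustedKey
	}
	generic, err := x509.ParsePKIXPublicKey(receivedDER)
	if err != nil {
		return err
	}
	pub, ok := generic.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("pinned key is not an ECDSA public key")
	}
	h := sha256.Sum256(msg)
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return ErrBadSignature
	}
	return nil
}

// Scenario plays out three receptions and returns the listener's verdict on
// each: an honest sender, a MITM who swaps in their own key and signs falsified
// data with it, and a payload altered in transit but carrying the honest key.
func Scenario() (honest, keySwap, tampered error) {
	sender := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	attacker := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	senderDER := must(x509.MarshalPKIXPublicKey(&sender.PublicKey))
	attackerDER := must(x509.MarshalPKIXPublicKey(&attacker.PublicKey))

	// One-off step over the trusted channel: the listener learns the pin.
	pin := must(Fingerprint(&sender.PublicKey))

	msg := []byte("transfer 100 to account 42") // constructed sample payload
	sig := must(Sign(sender, msg))
	honest = VerifyPinned(senderDER, pin, msg, sig)

	// MITM: replaces the key on the wire and signs falsified data with their own.
	fake := []byte("transfer 100 to account 666") // constructed falsified payload
	keySwap = VerifyPinned(attackerDER, pin, fake, must(Sign(attacker, fake)))

	// Genuine key, but the payload was modified after it was signed.
	tampered = VerifyPinned(senderDER, pin, fake, sig)
	return honest, keySwap, tampered
}

func main() {
	honest, keySwap, tampered := Scenario()
	fmt.Println("honest sender:   ", honest)
	fmt.Println("MITM key swap:   ", keySwap)
	fmt.Println("tampered payload:", tampered)
}
```

The pin only helps if it travels a channel the attacker cannot rewrite; a fingerprint sent alongside the key on the same connection adds nothing, since the MITM substitutes both. The certificate approach the answer prefers for large deployments replaces this manually exchanged hash with a trusted party's signature over the key and the identity it belongs to, which is why it scales without a per-key phone call.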