Question

We all know about how Digital Signing works. I just have some questions about vulnerability risk.

First, as far as I know, the signature and the data are separate, and we can split the document into two different parts. So we can change both and then re-join them.

Second, I think that in the network transfer layer we have no trust, and the MIM attack is always possible.

Now, suppose I'm the MIM. I can get the data, split it into content and signature, change the content, sign it with my own private key, then send it to the other party. I can also change the public key of the first party on the way and replace it with my own.

So, don't you think that if the receiver gets the public key of the sender on the Internet, the MIM would be possible as I explained?

I myself think the scenario is too easy to be a real problem; I think I don't have enough knowledge about it. Can you explain it in simple terms?

Note that I have the same problem with SSL/TLS and the CA ... I think they are also vulnerable when they're used on the Internet that simply and the attackers may have access to the hardware and network appliances (like governments).

Explanation / Answer

The problem you are outlining is not a problem with digital signatures per se, but is part of a bigger problem with establishing identity in PKI systems. A digital signature on some data proves (assuming that your digital signature algorithm is secure) that this data has not been altered except by whoever holds the matching private key. You still need to have some scheme to match public keys to users (or servers etc).

In X.509 (SSL, TLS) this is done by subject matching (does the common name on the certificate match the server name I am connecting to?) and by establishing a trust chain.

In PGP this is done via manual matching or via the web of trust.
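
The point of the answer above, as an added example that is not part of the original answer: a receiver that accepts whatever public key travels with the message also accepts the re-signed, swapped-key message from the question, while a receiver that first matches the key against a fingerprint obtained out of band rejects it. The names (Alice, Mallory), the messages and the helper functions are assumptions made for illustration, and Lamport one-time signatures built on SHA-256 stand in for RSA/ECDSA so the code runs with the Python standard library only.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair: 256 pairs of random secrets; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit. A Lamport key must sign only one message.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def fingerprint(pk):
    return hashlib.sha256(b"".join(h for pair in pk for h in pair)).hexdigest()

def naive_receiver(msg, sig, pk):
    # Trusts whatever public key arrives alongside the message.
    return verify(pk, msg, sig)

def pinning_receiver(msg, sig, pk, trusted_fp):
    # First bind the key to the sender's identity, then check the signature.
    return fingerprint(pk) == trusted_fp and verify(pk, msg, sig)

def scenario():
    alice_sk, alice_pk = keygen()
    trusted_fp = fingerprint(alice_pk)   # assumed to reach the receiver out of band
    msg = b"pay Bob 10"                  # constructed sample message
    sig = sign(alice_sk, msg)
    evil = b"pay Mallory 9999"           # content rewritten in transit
    mallory_sk, mallory_pk = keygen()
    evil_sig = sign(mallory_sk, evil)    # re-signed with the interceptor's own key
    return {
        "naive_accepts_swapped_key": naive_receiver(evil, evil_sig, mallory_pk),
        "pinned_accepts_original": pinning_receiver(msg, sig, alice_pk, trusted_fp),
        "pinned_rejects_swapped_key": not pinning_receiver(evil, evil_sig, mallory_pk, trusted_fp),
        "pinned_rejects_edited_content": not pinning_receiver(evil, sig, alice_pk, trusted_fp),
    }

if __name__ == "__main__":
    print(scenario())
```

The out-of-band fingerprint plays the role that the CA trust chain plays in X.509 and that manual matching or the web of trust plays in PGP.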
