G.4. Identifying the communicating parties
We have seen that a message authentication code (MAC) or a digital signature (in asynchronous communication) can help to detect tampering. But before continuing, it’s worth ensuring that we know exactly what a correct MAC or a correct signature proves. Specifically it proves these two things:
The sender has a public key and a private key that match.
The data was sent by the entity that has the private key, and has not been modified in transmission.
In other words, the MAC or signature proves that the data is sound and came from a particular public/private key combination. What it does not prove is that the key pair belongs to the person or organization that it purports to belong to. Is there anything ...
Get Applied Enterprise JavaBeans™ Technology now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.