Chapter 11. Establishing Trust

Public key cryptography allows us to protect the confidentiality, integrity, and authenticity of any type of digital communication provided that we know the public key of the party we are to communicate with.

If we receive a signed message that claims to have been sent by Alice, we need to do two things to verify the claim:

  • Use the public key to verify the signature.
  • Make sure the public key really belongs to Alice.

An attacker could try to fool us in two different ways:

  • Break the encryption mechanism.
  • Fool us into trusting a different key as belonging to Alice.

Unless the protocol designer has made a serious mistake (it happens), the first type of attack is very difficult, like trying to move the Sahara desert ...
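The two verification steps listed above can be seen side by side in the following added example, which is not from the book. It uses toy textbook RSA built from small known primes purely for illustration, and the names Mallory, `fingerprint`, `accept` and `TRUSTED` are assumptions introduced here. It shows that a signature check alone succeeds under a substituted key, and that only binding the key to Alice rejects the message.

```python
import hashlib

E = 65537  # common public exponent

def keypair(p, q):
    # Toy textbook RSA from two known primes: illustration only, not secure.
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    n, d = private
    return pow(digest(message, n), d, n)

def signature_ok(message, sig, public):
    # Check 1: the signature verifies under the key that was presented.
    n, e = public
    return pow(sig, e, n) == digest(message, n)

def fingerprint(public):
    n, e = public
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()

def accept(message, sig, public, sender, trusted):
    # Check 2: the presented key is the one we already hold for this sender.
    if trusted.get(sender) != fingerprint(public):
        return False
    return signature_ok(message, sig, public)

# Constructed sample data (Mersenne primes keep the toy keys short to write).
ALICE_PUB, ALICE_PRIV = keypair(2**89 - 1, 2**107 - 1)
MALLORY_PUB, MALLORY_PRIV = keypair(2**61 - 1, 2**127 - 1)
TRUSTED = {"alice": fingerprint(ALICE_PUB)}  # assumed learned out of band

MSG = b"Transfer approved. Alice"
GENUINE = sign(MSG, ALICE_PRIV)
FORGED = sign(MSG, MALLORY_PRIV)  # signed with a key that only claims to be Alice's

if __name__ == "__main__":
    print("forged sig verifies under presented key:", signature_ok(MSG, FORGED, MALLORY_PUB))
    print("forged message accepted as Alice:", accept(MSG, FORGED, MALLORY_PUB, "alice", TRUSTED))
    print("genuine message accepted as Alice:", accept(MSG, GENUINE, ALICE_PUB, "alice", TRUSTED))
```

The mathematics of the forged signature is perfectly valid; what fails is the claim that the key is Alice's, which is why the key-to-identity binding has to come from somewhere other than the message itself.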
