Chapter 11. Establishing Trust

Public key cryptography allows us to protect the confidentiality, integrity, and authenticity of any type of digital communication provided that we know the public key of the party we are to communicate with.

If we receive a signed message that claims to have been sent by Alice, we need to do two things to verify the claim:

  • Use the public key to verify the signature.

  • Make sure the public key really belongs to Alice.

An attacker could try to fool us in two different ways:

  • Break the encryption mechanism.

  • Fool us into trusting a different key as belonging to Alice.

Unless the protocol designer has made a serious mistake (it happens), the first type of attack is very difficult, like trying to move the Sahara desert with a pair ...
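The two verification steps and the key-substitution case, as an added Go example that is not from the book: a valid signature alone proves nothing about who signed, so the verifier also compares the presented key with a fingerprint it already holds for Alice. The name Mallory, the keys and the messages are constructed for illustration, and delivery of the pinned fingerprint over a trusted channel is assumed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrBadSignature = errors.New("signature does not verify under the presented key")
	ErrUntrustedKey = errors.New("presented key is not the key we hold for this sender")
)

// Fingerprint is the SHA-256 digest of a raw Ed25519 public key.
func Fingerprint(pub ed25519.PublicKey) [32]byte { return sha256.Sum256(pub) }

// VerifyFrom performs both checks: the presented key must match the fingerprint
// pinned for the claimed sender, and the signature must verify under that key.
func VerifyFrom(pinned [32]byte, presented ed25519.PublicKey, msg, sig []byte) error {
	if len(presented) != ed25519.PublicKeySize || Fingerprint(presented) != pinned {
		return ErrUntrustedKey
	}
	if !ed25519.Verify(presented, msg, sig) {
		return ErrBadSignature
	}
	return nil
}

// Demo runs three constructed cases and returns the outcome of each.
func Demo() (genuine, substituted, tampered error, sigOnly bool) {
	alicePub, alicePriv, _ := ed25519.GenerateKey(nil)
	malloryPub, malloryPriv, _ := ed25519.GenerateKey(nil) // hypothetical second party
	pinned := Fingerprint(alicePub)                         // assumed to arrive over a trusted channel

	msg := []byte("From: Alice. Pay invoice 17.")
	forged := []byte("From: Alice. Pay invoice 99.")
	forgedSig := ed25519.Sign(malloryPriv, forged)

	genuine = VerifyFrom(pinned, alicePub, msg, ed25519.Sign(alicePriv, msg))
	sigOnly = ed25519.Verify(malloryPub, forged, forgedSig) // signature check alone passes
	substituted = VerifyFrom(pinned, malloryPub, forged, forgedSig)
	tampered = VerifyFrom(pinned, alicePub, forged, ed25519.Sign(alicePriv, msg))
	return
}

func main() {
	fmt.Println(Demo())
}
```

The `sigOnly` result is the point: the forged message carries a perfectly valid signature, and only the key-to-identity check rejects it.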
