Example application: secure message exchange (email)

‘A’ wants to send m to ‘B’:

1. Select random key k

2. Encrypt: c = encrypt(k, m)

3. Hash: h = H(m)

4. Sign: s=sig(PrivKeyA, h)

5. lookup B’s cert(PubKeyB)

6. is PubKeyB is trusted?

7. x = Pcrypt(PubKeyB, k)

8. package and send ‘B’: {c,x,s,cert(PubKeyA)}

• A knows only B can read it; B knows A wrote it

  • B can reverse step 7 to recover k from x, reverse step 2 to recover m from c, recompute step 3 to find h, verify s with PubKeyA

• Steps 5 & 6 are ill-defined

• Is this application secure?

  • “obviously” yes...
  • except for some problems...
  • in practice, who knows?

Previous slide

Next slide

Back to first slide

View graphic version