[JDEV] Signed & encrypted messages

Dustin Puryear dpuryear at usa.net
Mon Jun 4 08:50:25 CDT 2001

Michael Brown wrote:
> > >property would be up to clients. Since there may be more than
> > >one certificate (for each different algorithm) we can't really
> > >put them all into a user's vcard, since that would be too big.
> >
> > I agree. I'd prefer if vCards would stay small. But maybe vCards
> > should be signable? So we can verify they are real ;)
> Can someone explain this to me?  I'm no crypto expert, so maybe I'm missing
> something...

Are you asking about the "signable" remark? If so Max is simply talking
about a signature, which ensure the integrity of the vCard.  Normally, a
hashing algorithm such as SHA-1 or MD5 is used for this purpose. Of
course, passing a vCard in plaintext with a signature attached might not
be as great a solution as it first sounds. How do we know both the vCard
and signature weren't modified?

> email they send?  (Is a PGP Signature the same as what we are talking about
> here?) My Lotus Notes file is only 4.7K, and it has quite a few x.509

A PGP signature is similar in that it ensures integrity, but PGP uses a
different technique to deliver this guarantee.

Regards, Dustin

Dustin Puryear <dpuryear at usa.net>
In the beginning the Universe was created. 
This has been widely regarded as a bad move. - Douglas Adams

More information about the JDev mailing list