[JDEV] Signed & encrypted messages
dpuryear at usa.net
Mon Jun 4 08:50:25 CDT 2001
Michael Brown wrote:
> > >property would be up to clients. Since there may be more than
> > >one certificate (for each different algorithm) we can't really
> > >put them all into a user's vcard, since that would be too big.
> > I agree. I'd prefer if vCards would stay small. But maybe vCards
> > should be signable? So we can verify they are real ;)
> Can someone explain this to me? I'm no crypto expert, so maybe I'm missing
Are you asking about the "signable" remark? If so Max is simply talking
about a signature, which ensure the integrity of the vCard. Normally, a
hashing algorithm such as SHA-1 or MD5 is used for this purpose. Of
course, passing a vCard in plaintext with a signature attached might not
be as great a solution as it first sounds. How do we know both the vCard
and signature weren't modified?
> email they send? (Is a PGP Signature the same as what we are talking about
> here?) My Lotus Notes file is only 4.7K, and it has quite a few x.509
A PGP signature is similar in that it ensures integrity, but PGP uses a
different technique to deliver this guarantee.
Dustin Puryear <dpuryear at usa.net>
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams
More information about the JDev