« MIS Cases ... | In Class This Week ... »
December 15, 2005
Authentication vs. Encryption
I'd have been desperate to find the answer before the final, but I had a secret resource: Ray Panko at the University of Hawaii. In desperation I emailed Ray and, like always, he straightened me out. His response:
"The digital signature is about authentication (and message integrity), not confidentiality. In authentication, the sender has to prove they have something nobody else could have. In this case, it is their private key. Any recipient can get the digital certificate of the party the sender is claiming to be. This cert contains the claimed person's public key. Thus, any receiver can check the message's digital certificate for authentication."
That makes sense. Thus, there are two uses for public and private keys. For confidentiality, encode the plaintext with the receiver's public key. For authentication, encode the message digest (or other message to be authenticated) with your own private key. Your private key authenticates you.
Can I claim I'm modeling coping with failure and the importance of networking?
Posted by DavidK at December 15, 2005 04:18 PM | Permalink