tomcat-users mailing list archives

From Phillip Morelock <subscripti...@phillipmorelock.com>
Subject Re: Security problem?
Date Fri, 07 Jun 2002 08:56:22 GMT
On 6/7/02 1:54 AM, "Barney Hamish" <Hamish.Barney@ect-telecoms.de> wrote:

> - the amount of money the user is to pay encrypted with the private key of
> site X as a digest.
> 
> On site Y you receive both. You decrypt the encrypted amount with site X's
> public key. If the clear text amount matches the encrypted amount then you
> know the request originates from X and that the user hasn't tampered with
> the request. If the amounts differ then you know the user has tampered with
> the request and it should be rejected.

Is this backwards?

I thought public keys encrypt and private keys decrypt..

so site X would need to use site Y's public key to encrypt the amount, and
site Y would then decrypt it with its private key.  Am I wrong?

Also, why even send the cleartext version?

fillup
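
The scheme quoted above (site X signs the amount with its private key, site Y checks it with X's public key) can be written with the JDK's `java.security.Signature` class. This is an added example, not code from the thread; the class name, the key pair and the amount strings are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class SignedAmountDemo {
    // Site X: sign the cleartext amount with its own private key.
    static byte[] sign(PrivateKey key, String amount) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(amount.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    // Site Y: check the received cleartext amount against the signature
    // using site X's public key. Returns false if either value was altered.
    static boolean verify(PublicKey key, String amount, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(amount.getBytes(StandardCharsets.UTF_8));
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for site X (assumption for the demo).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair siteX = gen.generateKeyPair();

        // Constructed sample request value; it travels in the clear next to the signature.
        String amount = "amount=49.95&currency=EUR";
        byte[] sig = sign(siteX.getPrivate(), amount);
        System.out.println("signature: " + Base64.getEncoder().encodeToString(sig));

        // Site Y receives both values and verifies them together.
        System.out.println("untampered accepted: " + verify(siteX.getPublic(), amount, sig));

        // The user edits the amount in transit; the old signature no longer matches.
        String tampered = "amount=0.01&currency=EUR";
        System.out.println("tampered accepted:   " + verify(siteX.getPublic(), tampered, sig));
    }
}
```

A signature provides integrity and origin, not confidentiality, and on its own it does not stop a valid amount and signature pair from being replayed.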

