tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phillip Morelock <>
Subject Re: Security problem?
Date Fri, 07 Jun 2002 09:42:12 GMT
On 6/7/02 2:30 AM, "Nikola Milutinovic" <> wrote:

> Just as Barney Hamish pointed out, with RSA (and I think DSA) keys, you can
> encrypt/decript both ways. It is just that these two modes of operation have
> been established as common. And yes, a signed object is not encrypted. What
> would we encript it with? Our private key? the anyone can decrypt it with our
> public key, so what's the point?

> There is a third mode of operation, which is a combination of the two. Say we
> both have digital certificates and we exchange public parts. Then I can
> digitally sign a message from me to you, using my private key and encrypt it
> all with your public key. That message is decryptabel only by you and using my
> public key, you can verify that the mesage came from me. They used to call it
> "digital handshake". I believe it is a part of SSL/TLS handshake.

It's true what they say -- learn something new every day!

> Nix.


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message