Joe is exchanging encrypted email with another party. Joe encrypts the initial email with a key. When Joe
receives a response, he is unable to decrypt the response with the same key he used initially. Which of
the following would explain the situation?
A.
An ephemeral key was used for one of the messages
B.
A stream cipher was used for the initial email, a block cipher was used for the reply
C.
Out-of-band key exchange has taken place
D.
Asymmetric encryption is being used
Question doesn’t say or indicate that the sender and the recipient use two different public key pairs.
Joe receives a response, it means the Joe has send his public key to the recipient. If the recipient use the private key to encrypt the response to Joe, he should have used his private key, and Joe should be able to decrypt it.
Does anybody agree with me?
1
0
No. Email generally uses Public Private key pairs to encrypt. I would use your public key and encrypt an email to you.
If you send a response, it would be with my public key (completely separate from my email to you)–and in this case, I am apparently trying to decrypt it with your public key instead of my private key.
This is standard Asymmetric encryption.
Out of Band key exchange means that we are not exchanging the keys over the network. I assume that I would snailmail or phone call the key to you–not the case.
Ephemeral keys are used for Diffie-helman mostly. these are temporary keys for symmetric key exchange situations. Look for Forward Perfect Secrecy (PFS) when you see this. this means that you cannot figure out past keys based upon cracking a current one.
1
0
Thank Paul S. I read Darril Gibson’s book for this. I agree with you except “Email generally uses public private key pairs to encrypt”.
Email generally use asymmetric and symmetric keys for encryption:
Asymmetric key for key exchanging symmetric key.
Symmetric key for email data encryption.
So according to this question, I think I should assume this an email service uses Asymmetric keys for email data encryption.
1
0
Again this is a matter of deciding if this email service uses only asymmetric keys or asymmetric and symmetric keys for email encryption.
Generally most email services uses asymmetric and symmetric keys for email encryption. So if I use this general fact to answer this question, D is wrong, because Asymmetric isn’t used for actual email data encryption, and a symmetric key should be used for email data encryption, which means Joe should be able to decrypt the message with the same key he used initially. But unfortunately he cannot, so the only reasonable answer I’m left with is A, because it implies “Perfect Forward Secrecy”.
Again correct me if you think I’m wrong. Thank you.
1
0
Joe is encrypting an email with a key, and attempting to decrypt with the same key – That is symmetrical
Yet, the fact that the same key cannot decrypt, this means that he needs another key – requiring thus two keys (of a set of keys – defined as public x private)- This is asymmetrical
0
0