PrepAway - Latest Free Exam Questions & Answers

Which of the following are primary reasons to sign emails with digital certificates?

A company requires that all users enroll in the corporate PKI structure and digitally sign all emails.
Which of the following are primary reasons to sign emails with digital certificates? (Select TWO)

A. To establish non-repudiation
B. To ensure integrity
C. To prevent SPAM
D. To establish data loss prevention
E. To protect confidentiality
F. To establish transport encryption

8 Comments on “Which of the following are primary reasons to sign emails with digital certificates?”

  1. Brian G says:

    I don’t understand why digital certificate would be any different from digital signature. A digital signature with authentication is simply the encryption of the message with the private key of the sender’s digital certificate. The recipient decrypts the message with the public key of the sender’s digital certificate, validating the public key from the certificate authority. This establishes authentication, non-repudiation, and integrity of the message. A digital signature can also just be a hash of the completed message, establishing integrity but not non-repudiation (because you can prove it hasn’t been changed, but you can’t prove who sent it.) Generally, “digital signature” means an authenticated sender–i.e., signed with a digital certificate. That means you can prove not only that it has not been changed, but who sent it.

    If the message is encrypted, it was encrypted with the recipient’s public key before encrypting with the sender’s private key. After decrypting the signed message with the sender’s public key, the recipient then decrypts the result with their own private key. This provides confidentiality.

    So to send a message with authentication, confidentiality, non-repudiation, and integrity, the following are the steps:

    1. Sender encrypts message with recipient’s public key. This ensures that no one other than the recipient can read the message–i.e., confidentiality. Note that this has to do with the encryption agreed upon by sender and recipient, and does not require the use of a certificate.
    2. Sender encrypts the result with sender’s private key. (This is known as digitally signing the message, and establishes authentication.)
    3. Message is sent.
    4. Recipient decrypts the message with the sender’s public key (verifying it from the CA.) This establishes both integrity and non-repudiation, guaranteeing both that the message has not been changed, and that it did indeed come from the sender.
    5. Recipient decrypts the result with recipient’s private key.

    I think Leanne is correct. The answer should be A and B, integrity and non-repudiation. Confidentiality is only protected if the message is encrypted such that someone other than the recipient cannot access it. Anyone can validate a signature and read the contents, so confidentiality is NOT protected by the use of a digital certificate.

    Am I missing something? (source: https://en.wikipedia.org/wiki/Digital_signature)

  2. Brian G says:

    Further clarification: The keys used in steps one and two above are different. The encryption keys in steps one and five are not usually related to digital certificates. The keys used in steps two and four are associated with the sender’s digital certificate, and may simply be a simple hash function, encrypted by the sender’s private key. (I.e., the sender does not encrypt the message again after encrypting it with the recipient’s public key. Instead, the sender computes a hash of that message and encrypts the hash with the sender’s private key. The recipient can decrypt that hash with the sender’s public key and guarantee it came from the sender. If the sender’s key is associated with a certificate, it provides non-repudiation. Without the certificate, it provides integrity but not non-repudiation.)

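
The five-step procedure in the first comment and the hash-then-sign detail in the second, as an added example (not from the original thread) in Go: the signing step hashes the message and signs the digest with the sender's private key, and a verifier needs only the public key and the plaintext, so a signature alone gives integrity and a binding to the signer but no confidentiality; that comes from the separate encryption with the recipient's key. RSA-PSS and RSA-OAEP are assumed here as the concrete algorithms, and the message text is constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignMessage is step two of the comment: hash the message, then sign the
// digest with the sender's private key (RSA-PSS). Nothing here hides the text.
func SignMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, d[:], nil)
}

// VerifyMessage is step four: anyone holding the sender's public key can check
// it, so the plaintext is readable by all. A changed byte fails (integrity);
// a signature made under another private key fails (binding to the sender).
func VerifyMessage(pub *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, d[:], sig, nil) == nil
}

// EncryptForRecipient is step one: confidentiality comes from the recipient's
// public key (RSA-OAEP here) and is a separate operation from signing.
func EncryptForRecipient(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// DecryptMessage is step five: only the recipient's private key recovers the text.
func DecryptMessage(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	sender, _ := rsa.GenerateKey(rand.Reader, 2048)
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048)
	impostor, _ := rsa.GenerateKey(rand.Reader, 2048)
	msg := []byte("Approve the wire transfer of 10,000 EUR.") // constructed sample
	sig, _ := SignMessage(sender, msg)
	fmt.Println("genuine:  ", VerifyMessage(&sender.PublicKey, msg, sig))
	fmt.Println("tampered: ", VerifyMessage(&sender.PublicKey, []byte("Approve the wire transfer of 90,000 EUR."), sig))
	fmt.Println("other key:", VerifyMessage(&impostor.PublicKey, msg, sig))
	ct, _ := EncryptForRecipient(&recipient.PublicKey, msg)
	pt, _ := DecryptMessage(recipient, ct)
	fmt.Println("decrypted:", string(pt))
}
```

Non-repudiation follows from the "other key" check only once a CA-issued certificate binds the public key to the sender's identity, which is the point of requiring enrollment in the corporate PKI.
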
  3. Dugan Nash says:

    I’m going with A and B. The question says “digitally signs” and “signs.” There is nothing to suggest that the message is encrypted (outside of the encrypted hash that is created during the digital signing.)

