Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to
verify the validity’s of Joe’s certificate? (Select TWO).

A.
The CA’s public key

B.
Joe’s private key

C.
Ann’s public key

D.
The CA’s private key

E.
Joe’s public key

F.
Ann’s private key

Explanation:
Joe wants to send a message to Ann. It’s important that this message not be altered. Joe will use the
private key to create a digital signature. The message is, in effect, signed with the private key. Joe then
sends the message to Ann. Ann will use the public key attached to the message to validate the digital
signature. If the values match, Ann knows the message is authentic and came from Joe. Ann will use a key
provided by Joe—the public key—to decrypt the message. Most digital signature implementations also
use a hash to verify that the message has not been altered, intentionally or accidently, in transit. Thus
Ann would compare the signature area referred to as a message in the message with the calculated value
digest (her private key in this case). If the values match, the message hasn’t been tampered with and the
originator is verified as the person they claim to be. This process provides message integrity,
nonrepudiation, and authentication.
A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing
certificates. A certificate is nothing more than a mechanism that associates the public key with an
individual.
If Joe wants to send Ann an encrypted e-mail, there should be a mechanism to verify to Ann that the
message received from Mike is really from Joe. If a third party (the CA) vouches for Joe and Ann trusts
that third party, Ann can assume that the message is authentic because the third party says so.Incorrect Answers:
B: Ann would require Joe’s public key and not his private key.
C: Ann is the recipient and her public key is not required to verify e-mail sent by Joe.
D: The CA’s private key is not used to decrypt messages, rather a recipient must make use of the CA’s
public key to process a request for a digital certificate.
F: The certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing
certificates. Ann’s private key is thus not an issue here because she must use the DC’s public key to
process a request for a digital signature.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 261, 279
http://searchsecurity.techtarget.com/definition/digital-signature
http://email.about.com/cs/pgp/a/public_key_enc.htm