A new security policy being implemented requires all email within the organization be digitally signed by the
author using PGP. Which of the following would need to be created for each user?
 
A. A certificate authority
B. A key escrow
C. A trusted key
D. A public and private key

Key concepts
This short question has a number of components:
a) It relates to emails
b) It requires a “digital signature”
c) To be signed by the authors. Something needs to be created for ALL users
Process of elimination: B and C are out from the onset.
This is therefore a toss-up between A and D.
Looking at this and doing some further digging, I have come to the conclusion that the answer is indeed: A. A certificate authority
I found this gem of an article: (https://www.cs.bham.ac.uk/~mdr/teaching/modules/security/lectures/PGP.html)
Key certificates and PGP
Recap on issues about how cryptography is used
Symmetric-key encryption allows agents to communicate securely, but leaves them with a hard problem: how to agree securely on a key? The main solutions available to them are:
a. Face-to-face key exchange
b. Key exchange via a trusted third party (TTP), with whom the agents already share a secret symmetric key.
These solutions are inconvenient and expensive, especially as they have to be done frequently, or you have a key-management headache. (With n parties, you have O(n^2) keys, or O(2^n) keys if you want to allow messages private to a group.)
Public-key encryption solves the problem of key exchange, but gives us another problem: how to ensure the authenticity of other people’s public keys? The same solutions exist:
a. Face-to-face key exchange
b. Key exchange via a TTP
but now they have to be done only once, since there are only O(n) keys to manage. Public-key encryption also gives us another solution:
c. Key certificates.
The concept of key certificate
A key certificate is an assertion that a certain key belongs to a certain entity, which is digitally signed by an entity (usually a different one).
In addition to the above, by definition: PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and finally public-key cryptography; each step uses one of several supported algorithms. Each public key is bound to a user name or an e-mail address. The first version of this system was generally known as a web of trust to contrast with the X.509 system, which uses a hierarchical approach based on CERTIFICATE AUTHORITY and which was added to PGP implementations later. Current versions of PGP encryption include both options through an automated key management server.
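The key certificate definition above, as an added example that is not part of the original post or the quoted lecture notes: a certifying entity signs the assertion "this key belongs to this user", and a recipient checks that certificate before trusting a signature on a mail. The toy RSA (fixed Mersenne primes, no padding), the function names and the address are constructed assumptions for illustration and do not reflect how PGP implementations work internally.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Toy RSA key pair from two primes: returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    # SHA-256 of the data, reduced into the RSA modulus (toy: no padding scheme)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(digest(data, n), d, n)

def verify(public, data, sig):
    n, e = public
    return pow(sig, e, n) == digest(data, n)

def assertion(user_id, key):
    # The statement being certified: "this key belongs to this entity"
    return f"{user_id}|{key[0]}|{key[1]}".encode()

def certify(signer_private, user_id, user_public):
    """Key certificate: the assertion plus the certifier's signature over it."""
    return {"user_id": user_id, "key": user_public,
            "sig": sign(signer_private, assertion(user_id, user_public))}

def check_certificate(cert, signer_public):
    return verify(signer_public, assertion(cert["user_id"], cert["key"]), cert["sig"])

def verify_signed_mail(cert, signer_public, body, sig):
    """Trust the mail only if the certificate and the mail signature both verify."""
    return check_certificate(cert, signer_public) and verify(cert["key"], body, sig)

# Constructed sample data: Mersenne primes keep the toy keys reproducible.
CERTIFIER_PUB, CERTIFIER_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**127 - 1)
MALLORY_PUB, _ = make_keypair(2**61 - 1, 2**89 - 1)

CERT = certify(CERTIFIER_PRIV, "alice@example.org", ALICE_PUB)
MAIL = b"Quarterly report attached."
MAIL_SIG = sign(ALICE_PRIV, MAIL)

if __name__ == "__main__":
    print("certificate valid:", check_certificate(CERT, CERTIFIER_PUB))
    print("mail accepted:", verify_signed_mail(CERT, CERTIFIER_PUB, MAIL, MAIL_SIG))
    forged = dict(CERT, key=MALLORY_PUB)  # key swapped after certification
    print("forged certificate valid:", check_certificate(forged, CERTIFIER_PUB))
```

A certificate whose key field is swapped after signing no longer verifies, which is the property that lets a recipient rely on a public key they did not receive face to face.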