Cryptography Reference
In-Depth Information
13.18.
We consider RSA encryption with certificates in which Bob has the RSA
keys. Oscar manages to send Alice a verification key
k
pr
,
CA
which is, in fact, Oscar's
key. Show an active attack in which he can decipher encrypted messages that Alice
sends to Bob. Should Oscar run a MIM attack or should he set up a session only
between himself and Alice?
13.19.
Pretty Good Privacy (PGP) is a widespread scheme for electronic mail se-
curity to provide authentication and confidentiality. PGP does not necessarily re-
quire the use of certificate authorities. Describe the trust model of PGP and how the
public-key management works in practice.
