Concentrate on the digital signatures and certificate chain

Reference no: EM13869909

Task:

In this task, you will concentrate on the digital signatures and certificate chain. Try posting messages signed with your private key and ask your colleagues to verify whether your signature on the message is valid. The message should not be encrypted; that is, the format is a clear message, with a signature on the message.

Your task is detailed in the 'Sample Template for document submission' at the end of this Assignment. However, generally speaking, your task is to compare what happens in the following situations:

1. Get a signature by A and check whether A's signature on one message is valid.
2. Let B sign A's key, and you sign B's key. Then check whether A's signature on one message is valid.

As you know, various PGP tools may implement the same service differently. The technical details in the following example were written for PGP 7.x; however, the basic theory is the same for all versions of PGP. If you are using GnuPG or another OpenPGP installation, the interface may look different, but the basic process should be the same. Stepping through the following example in your own software may give you a deeper understanding of how the digital signature process works.

PGP 7.x Example

[Screenshot of a PGPKeys window showing the features described]

You have talked about CA (certificate authority) in several places. The PGP trust model is different from the CA trust model. When you open the PGPKeys tool, you will find that for several public keys you have imported, the small ball under the 'validity' item is not highlighted (green).

This means that these public keys are not 'valid' according to the current certificate chains. The impact is that when you verify a signature using such a public key, you will get a message like 'valid signature with an invalid key'.

If the ball for your own public key is not green, you may right-click your key and choose 'key properties'. Under the 'Trust Model', choose 'Implicit trust'. Then your key should be green. Now how can you make other keys valid (green)?

An obvious way is to sign that key. When you sign a key, you will see that the key is highlighted. Do you have to sign all keys to make all keys valid? The answer is NO. That is, you need to find a way to make a key highlighted (green) even though you have never signed that key.

If you know that a key is really from Alice, then you can certainly click the small ball corresponding to that key and sign that key, and then you can export that public key, thus making Alice's key green.

If you do not know Alice, but you know Bob in person and Bob knows Alice well, then if Bob signs Alice's key and sends Alice's signed key to you, you should trust Alice's key. This is the PGP trust model. Practice this kind of trust model this Week.
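The trust rule described above, as a small Python model. This is an added example, not code from PGP or GnuPG: the key names and certifications are constructed, and the thresholds (one fully trusted or three marginally trusted introducers, chains of at most five steps) are GnuPG's documented defaults, assumed here and possibly different in your tool. It also covers partial (marginal) trust, which goes slightly beyond the single-introducer case in the text.

```python
# Added example: simplified model of OpenPGP key validity (web of trust).
# Key names and certifications below are constructed; thresholds default to
# GnuPG's documented values (1 full or 3 marginal introducers, depth <= 5).
FULL, MARGINAL, NONE = "full", "marginal", "none"

def valid_keys(me, certs, ownertrust, completes_needed=1,
               marginals_needed=3, max_depth=5):
    """Return {key: chain length} for keys that are valid from `me`'s view.

    certs      -- set of (signer, signed_key) key certifications
    ownertrust -- {key: FULL | MARGINAL}: trust in the owner as an introducer
    """
    valid = {me: 0}                       # own key: implicit trust
    for depth in range(1, max_depth + 1):
        newly = {}
        for key in {signed for _, signed in certs} - set(valid):
            full = marginal = 0
            for signer, signed in certs:
                if signed != key or signer not in valid:
                    continue              # certifications by invalid keys are ignored
                trust = FULL if signer == me else ownertrust.get(signer, NONE)
                full += trust == FULL
                marginal += trust == MARGINAL
            if full >= completes_needed or marginal >= marginals_needed:
                newly[key] = depth
        if not newly:
            break
        valid.update(newly)
    return valid

def verify_status(signer, signature_ok, valid):
    """Combine the cryptographic check with key validity (labels are illustrative)."""
    if not signature_ok:
        return "bad signature"
    if signer in valid:
        return "valid signature"
    return "valid signature with an invalid key"

if __name__ == "__main__":
    certs = {("you", "A"), ("A", "B")}    # you signed A; A signed B
    for trust in ({"A": FULL}, {}):       # A trusted as introducer vs. not
        valid = valid_keys("you", certs, trust)
        print(trust, valid, verify_status("B", True, valid))
```

Signing A's key makes A's key valid; only marking A as a trusted introducer lets A's certification make B's key valid as well.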

In particular, do the following exercise:

1. You sign A's key and mark A's key as trusted (you can do this by right-clicking A's key, choosing 'key properties' and then moving the sliding bar to trust).
2. A signs B's key and publishes the signed key to the Group Project forum.
3. Check whether B's key is valid on your screen (the small ball is highlighted).
4. Post your screenshot to convince others that you have not signed B's key but that it is valid.

Also check a message signed by B to see whether it is valid. The following is a sample screenshot. Note that Yongge Wang has not signed Ali Ahmed's key but that it is a valid key.

Also note that Yongge Wang trusts Craig's key at the 50% level.

References:

Brunschwig, P. (2013) Enigmail [Online]. Available from: https://addons.mozilla.org/en-US/thunderbird/addon/enigmail/ (Accessed: 20 October 2014).

The GnuPG Project (2014) The GNU privacy guard [Online]. Available from: https://www.gnupg.org (Accessed: 20 October 2014).

Network Working Group (2007) Proposed Standard RFC 4880: OpenPGP Message Format [Online]. Available from: https://www.ietf.org/rfc/rfc4880.txt (Accessed: 10 December 2014).

OpenPGP Alliance (n.d.) OpenPGP alliance members [Online]. Available from: https://openpgp.org/members/ (Accessed: 10 December 2014).

Symantec (2014) Symantec Encryption Family [Online]. Available from: https://www.symantec.com/encryption/ (Accessed: 10 December 2014).
