[Full-disclosure] selling office 2003 & 2007 0day
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Tue Jul 17 16:41:35 BST 2007
On Mon, 16 Jul 2007 21:12:04 +0200, Pieter de Boer said:
> Ohwell, signing with public keys is pointless anyhow.. *whistles innocently*
Signing it with the *recipient's* public key can be somewhat interesting, as
it results in a signature that only the recipient can identify - if anybody
else tries to verify it, they can't, which results in a mostly-repudiatable
signature.
Of course, the *usual* use case is to either:
*encrypt* with the recipients public key (so only their private key can decrypt
it), and then sign the whole thing with your private key (so they can verify
you did it by using your public key). This results in something that anybody
can verify you sent, but only the recipient can read. or...
Sign with your private key, then encrypt with their public key - at that point
only the recipient can decode it. In addition, only the recipient can see the
(now-decoded) signature and verify it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070717/e332af28/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.