This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
5.2 Public Key Cryptography | 201
3. Public keys may be downloaded. DKIM, for example, specifies that public keys
be downloaded using DNS:
% dig txt mypub._domainkey.example.com
4. A special header may specify a web URL:
X-Public-Key-Location: https://www.example.com/keys/email/A459b.pub
No matter where a public key is stored, the public key that corresponds to the private
key that created the digital signature must be possessed (downloaded and
installed for use) by the receiver before a digital signature can be verified.
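The DKIM lookup in item 3 can be traced end to end with the following added example, which is not from the book: it derives the DNS name to query from a DKIM-Signature header and extracts the key from the TXT record that such a query returns. The header, the record and the key bytes are constructed samples, and the function names are hypothetical.

```python
import base64
import re

def parse_tags(value):
    """Split a DKIM "tag=value; tag=value" list into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            # Whitespace is dropped from every value (wrapped base64, folded headers).
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_query_name(dkim_signature):
    """Name that holds the signer's public key: <selector>._domainkey.<domain>."""
    tags = parse_tags(dkim_signature)
    if "s" not in tags or "d" not in tags:
        raise ValueError("DKIM-Signature lacks s= or d= tag")
    return f"{tags['s']}._domainkey.{tags['d']}"

def public_key_from_txt(txt_record):
    """Return the decoded public key bytes from a DKIM TXT record."""
    # dig prints TXT data as one or more quoted strings; join them first.
    tags = parse_tags(txt_record.replace('"', ""))
    if tags.get("v", "DKIM1") != "DKIM1":
        raise ValueError("not a DKIM1 key record")
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):
        raise ValueError("unsupported key type")
    if not tags.get("p"):
        # An empty p= tag means the key has been revoked.
        raise ValueError("key revoked or missing")
    return base64.b64decode(tags["p"], validate=True)

# Constructed samples: selector and domain match the dig command above.
SAMPLE_KEY = b"constructed placeholder, not a real key"
SAMPLE_SIG = ("v=1; a=rsa-sha256; d=example.com; s=mypub; "
              "h=from:to:subject; bh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=")
SAMPLE_TXT = '"v=DKIM1; k=rsa; " "p=' + base64.b64encode(SAMPLE_KEY).decode() + '"'

if __name__ == "__main__":
    print("query:", key_query_name(SAMPLE_SIG))
    print("key bytes:", len(public_key_from_txt(SAMPLE_TXT)))
```
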
5.2.3 Authentication in Public-Key Systems
Digital signatures do, to a limited extent, guarantee the authenticity of the sender.
After all, only the sender’s public key can decrypt the digital signature encrypted
using the sender’s private key. Strictly speaking, however, the only thing this actually
guarantees is that whoever sent the message possessed the private key corresponding
to the public key used to decrypt the digital signature. Thus, although this
public key might have been advertised as belonging to the sender, the recipient can
never be absolutely certain.
Certainty is created through the use of digital certificates. A digital certificate certifies
that a given public key is owned by a particular sender.