I want to discuss some thing about wallet manager To-day.Understanding this is really a pain for me.Well,i putting what ever i understood.
In the past
IF A want to send message to B,
first A send a private key to B.
Now before sending A asks for a public key from B,B sends a public key naming his organization.
So,now a will send the message with the public key to B.At this point of time B can translate the data send by A with his private key.
Now,there is a possibility for intruders who can hack the public key ,but can't translate as he don't have the private key.
Public-key algorithms thus guarantee the secrecy of a message, but they don't guarantee secure communications because they don't verify the identities of the communicating parties. In order to establish secure communications, it is important to verify that the public key used to encrypt a message does in fact belong to the target recipient. Otherwise, a third party can potentially eavesdrop on the communication and intercept public key requests, substituting its public key for a legitimate key.
The public key will be open and the sender doesn't identify the target person with the public key which is a loop-hole for intruders.To over-come this oracle implemented Authentication and CA.
Now CA is a third-party which is trusted by both the parties say sender(A) and receiver(B).
In order to avoid such a man-in-the-middle attack, it is necessary to verify the owner of the public key, a process called Authentication. Authentication can be accomplished through a CERTIFICATE (CA).
A CA is a third party that is trusted by both of the parties attempting secure communication. The CA issues public key certificates that contain an entity's name, public key, and certain other security credentials. Such credentials typically include the CA name, the CA signature, and the certificate effective dates (From Date, To Date).
The CA uses its private key to encrypt a message, while the public key is used to decrypt it, thus verifying that the message was encrypted by the CA. The CA public key is well known, and does not have to be authenticated each time it is accessed. Such CA public keys are stored in an Oracle Wallet
Regards,
Naga.
No comments:
Post a Comment