Re: [Openca-Users] Purposes: Issuer Not Trusted

Fri, 15 Sep 2006 02:39:22 -0700 

Zaki Akhmad wrote:

Finally, I succeed to encrypt my email using digital certificate. So
the trick is we should have recipient certificate. I add "other
people's certificate" to my Thunderbird. Bingo! They're encrypted.

But is this true? I cannot read the encrypted-email from web browser
(example) gmail.com, but I should read it the encrypted-email from
(example) Thunderbird. This is because I have to decrypt the
encrypted-email first using my digital certificate.


Yes, this is correct. Basically in RSA, to encrypt a message you
use the Public Key which is inside the Digital Certificate of the
recipient. The recipient, to decrypt the message, has to use the
private key, therefore it can be performed only locally.

Well, I do not know if webmail products which deal with digital
certificates and ecryption exists, that would be a nice application
to do.. but the problem with this approach is that the server
should access the user's private key...

.. could that be done in an Applet ? Like, when you want to read
an encrypted email, an applet is opened and, if the user agrees
to have the private key read, the applet decrypts the email, and
the clear message is displayed to the user...

--

Best Regards,

        Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]      [EMAIL PROTECTED]
                                                Tel.:   +39 (0)11  564 7081
http://security.polito.it                       Fax:    +39   178  270 2077
                                                Mobile: +39 (0)347 7222 365

Politecnico di Torino (EuroPKI)
Certification Authority Informations:

Authority Access Point                                  http://ca.polito.it
Authority's Certificate:          http://ca.polito.it/ca_cert/en_index.html
Certificate Revocation List:              http://ca.polito.it/crl02/crl.crl
--o------------------------------------------------------------------------

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to