Public and Private Keys

¶ … digital signatures that it ensures authentication. Explain how and why it does that.

A digital signature is a unique and verifiable "signature" that allows for the reliable and proper determination of whether a file or message is form the person that is otherwise displayed and represented in the message. It is done because it can prove in a definitive way that the sender is who they say they are.

What is the role of the Certificate Authority in a PKI? How are certificate authorities authenticated?

The role of the certificate authority in a Public Key Infrastructure (PKI) is to digitally "sign" a submission using a publicly-accessible key. The recipient uses that same public key to verify the sender as authentic rather than faked.

Why is randomness so important to key generation? What does a truly random system ensure?

A truly random key means that a key cannot be predicted or guessed. It ensures that a hacker cannot luck out and get a key as it's active.

4) What is the possible advantage of using a joint public-key/secret key approach to key distribution?

Using a joint one would allow you to access and interface with external sources and destinations (public) but one would still be able to operate internally using something that is not public at all and thus can be entirely random rather than published or otherwise known by others (private). Tying them together at the same time can allow for a public key to be used while not opening up the business to a public key breach if/when that happens.

5) Why is the ability to disguise the content of messages an important part of modern business practice?

It would serve two major purposes….the first is to protect private sensitive personal and business information such as bank account numbers, social security numbers, addresses, and so forth. It would also be useful in protecting trade secrets and other sensitive business information from prying eyes.

6) Why are authentication and integrity checking such important dual functions? What would be the outcome if one or the other was missing?

The inability to authenticate would render the process of being able to prove who sent something and what they did not send meaningless…and integrity would be an issue because the information can get entirely or partially corrupted.

7) What is the role of digital signatures in modern organizations? What would be the impact on e-commerce if it were not possible to authenticate an electronic signature?

Any modern organization must be able to prove without fail who actually sent a message. For e-commerce, this is important so that it is known whether the buyer of a product or service is who they say they are. There are other ways to protect people online, but a digital signature is one of the most effective ways.