Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!lll-winken!uunet!van-bc!rsoft!mindlink!a577
From: a577@mindlink.UUCP (Curt Sampson)
Newsgroups: comp.org.eff.talk
Subject: Re: Digital Signatures and Public Key Cryptography
Message-ID: <2960@mindlink.UUCP>
Date: 27 Aug 90 16:19:03 GMT
Organization: MIND LINK! - British Columbia, Canada
Lines: 48

> sprouse@oahu.cs.ucla.edu writes:
>
> >If and when the public key cryptosystem becomes widely used, digital
> >signatures should be harder to forge than pen and paper signatures. So if
> >anything a digital signature should be easier to verify and more secure.
>
> One drawback to digital signatures (at least as I understand them) is
> the fact that they rely on the fact that the signer wants his signature
> to be a secret. What happens if I digitally sign a contract and then want
> out? What keeps me from leaking my secret codes (signature) to the
> world and then claiming that my signature was forged?

Actually, a good public key/private key cryptography system would help this
immensely. I've been looking into this myself, because I can see a strong
need (in the future) for a decent encryption system that would allow anybody
to send mail to a person, even over a routed network (such as usenet) but
allow only that person to read it.

Two things are required for our public key/private key encryption system.
First, the public key must be easy to derive from the private key, but the
private key must be *very* difficult (i.e., virtually impossible) to derive
from the public key. Second, the encryption/decryption process must be
reversible. That is, you must be able to decode with the private key anything
encoded with the public key, and decode with the public key anything encoded
with the private key.

Everyone would create a private key and generate their public key from it.
We could then have directories available (regional and national) of public
keys. If I wanted to send a message to Joe Smith in Cleveland, Ohio, I could
just call up my local information service, get his public key, and send it
off. I would, of course, include my public key in the message I sent to him.

If I wanted him to know that the message was from me, and not from an
impostor, I would encrypt my message with my private key before encrypting it
with his public key. He would decrypt the message with his private key, which
would expose an unencrypted header with my name in it and the encrypted
message. He would then get my public key from the directory and use that to
decrypt the message.

Releasing your own public key to enable you to claim that someone else had
forged a letter to you would be very risky business. It would enable anyone
who had your key to also forge anything else in your name (such as money
transfers) and read anything sent to you. I don't see people doing it unless
they are *very* desperate to get out of a contract. Releasing your private
key would be basically opening yourself up to the world.

There are many ways in which this system could be abused, should information
get into the wrong hands. But isn't that true of all systems?

-cjs ( Curt_Sampson@mindlink.UUCP )
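
The two-layer exchange described in the post above (private key first, then the recipient's public key, with the sender's name as a header inside the outer layer), as an added example that is not part of the original post. It assumes textbook RSA with no padding; the primes, the names `cjs` and `joe`, the `DIRECTORY` lookup and the newline-separated header layout are all constructed for illustration.

```python
# Added illustration: textbook RSA, no padding, toy primes. Not for real use.
# Every prime, name and message here is constructed for the example.

def make_key(p, q, e=65537):
    """Return (public, private) key halves built from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)      # modular inverse needs Python 3.8+

def apply_key(key, value):
    """Either half of a pair is the same operation: value**exp mod n."""
    exp, n = key
    if not 0 <= value < n:
        raise ValueError("value does not fit under this modulus")
    return pow(value, exp, n)

def to_bytes(i):
    """Minimal big-endian byte string for a non-negative integer."""
    return i.to_bytes((i.bit_length() + 7) // 8, "big")

def send(text, name, sender_priv, recipient_pub):
    """Inner layer: sender's private key. Outer layer: recipient's public key."""
    signed = apply_key(sender_priv, int.from_bytes(text.encode(), "big"))
    inner = name.encode() + b"\n" + to_bytes(signed)   # plaintext header + body
    return apply_key(recipient_pub, int.from_bytes(inner, "big"))

def receive(blob, recipient_priv, directory):
    """Strip the outer layer, read the header, then undo the inner layer with
    the public key the directory lists for that name."""
    name, signed = to_bytes(apply_key(recipient_priv, blob)).split(b"\n", 1)
    body = apply_key(directory[name.decode()], int.from_bytes(signed, "big"))
    return name.decode(), to_bytes(body).decode()  # wrong key yields noise here

# Constructed keys (Mersenne primes, chosen only because they are easy to write).
# The sender's modulus must be smaller than the recipient's so that the header
# plus signed body fits in one outer block; otherwise send() raises ValueError.
CJS_PUB, CJS_PRIV = make_key(2**61 - 1, 2**89 - 1)
JOE_PUB, JOE_PRIV = make_key(2**107 - 1, 2**127 - 1)
DIRECTORY = {"cjs": CJS_PUB, "joe": JOE_PUB}

if __name__ == "__main__":
    blob = send("pay Joe $5", "cjs", CJS_PRIV, JOE_PUB)
    print(receive(blob, JOE_PRIV, DIRECTORY))
```

A body produced with any key other than the one the directory lists for the header name comes out of `receive` as noise, which is the property the post relies on to tell the sender from an impostor.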