2

I'm developing an application to manage file and email encryption using (primarily) PKI. I have a Public Keyring with a list of contacts and their Public Keys.

Referring back to the olden days when I used PGP, I recall a requirement to sign public keys with your Private Key.

Is this a necessity on PKI and if so, what does this signing achieve? Is it bad practice to simply hold a list/database of people's names (and email) and their Public Key? Surely if their public key is - in any way - tampered with, the encryption would fail, and as you choose who you're sending or sharing the encrypted data with, even if a 'successful tamper' went unnoticed, the encrypted data wouldn't end up in the wrong hands anyway?

4

1 Answer

2

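The whole process of signing public keys with your private key is useful when you have a dedicated key pair that you use only for signing, and other key pairs that you use for encryption. This dedicated key pair is your "trusted" key pair, which is legitimately attached to you in some way (usually by being signed by a certificate authority, or by having many trusted people sign that they have verified its connection to you).

You use this "trusted" private key to sign your less-trusted public keys. This way, people can use your trusted public key to sign/decrypt your new public key. This is only mathematically possible if it was signed by your trusted private key.

This process helps people be sure that this new public key really belongs to you.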

Answered 2013-06-02T02:38:12.897
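The check the answer describes, as an added Go example that is not part of the original question or answer: a keyring record is accepted only if the stored key carries a signature from the contact's trusted signing key. Ed25519, the `keybinding-v1` byte layout, and the names `Entry`, `Certify`, `Check` and `Demo` are assumptions made for illustration, and the key bytes are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Entry is one keyring record: contact, stored key, and the trusted key's signature.
type Entry struct {
	Email       string
	EncPub, Sig []byte
}

// binding builds the exact bytes that are signed. Fields are length-prefixed
// so email and key bytes cannot be shifted into one another.
func binding(email string, encPub []byte) []byte {
	head := fmt.Sprintf("keybinding-v1|%d|%s|%d|", len(email), email, len(encPub))
	return append([]byte(head), encPub...)
}

// Certify is run by the key owner, using the trusted signing private key.
func Certify(trusted ed25519.PrivateKey, email string, encPub []byte) Entry {
	return Entry{Email: email, EncPub: encPub, Sig: ed25519.Sign(trusted, binding(email, encPub))}
}

// Check is run by the keyring before a stored key is used for encryption.
func Check(trustedPub ed25519.PublicKey, e Entry) error {
	if !ed25519.Verify(trustedPub, binding(e.Email, e.EncPub), e.Sig) {
		return fmt.Errorf("key for %s is not vouched for by the trusted key", e.Email)
	}
	return nil
}

// Demo checks a genuine record and a copy whose stored key was replaced.
func Demo() (genuine, substituted error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return err, err
	}
	e := Certify(priv, "alice@example.com", []byte("constructed-encryption-key-AAAAA"))
	swapped := e
	swapped.EncPub = []byte("constructed-encryption-key-BBBBB") // constructed replacement key
	return Check(pub, e), Check(pub, swapped)
}

func main() {
	genuine, substituted := Demo()
	fmt.Println("genuine record:", genuine, "| substituted key:", substituted)
}
```

A replaced key is still a well-formed key, so encrypting to it would succeed; the signature check is what flags that the stored key is no longer the one the contact certified.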