Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Alexander Trousevich2011-12-30 16:36:51
Information Security
Alexander Trousevich, 2011-12-30 16:36:51

Trunderbird: Using the same certificate for encryption and signing?

Hey habr!
Some time ago, I organized myself a certificate suitable for signing e-mail (smartly called "S / MIME and Authentication Certificate".
Happy and joyful, I got into the thunderbird settings and specified this certificate as an "electronic signature certificate" Thunderbird was no less happy to suggest that I use the same certificate to encrypt my e-mail,
and now the question is:
a) Do I understand correctly that only the person to whom I issue not only my OPEN, but also my CLOSED will be able to receive encrypted messages key?
b) Do I understand correctly that this someone will be able to write letters on my behalf and sign them?
Thanks in advance.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

5 answer(s)
Report
V
Vladimir Dubrovin, 2011-12-30
@z3apa3a

You give a certificate with a public key and letters for you will be able to encrypt it.

Report
S
shadowalone, 2011-12-30
@shadowalone

You have strange thoughts:
a) Why then encrypt, if in order to open it, you need to give someone a private key ... No, of course, a public key is enough.
b) There is a question.

Report
M
Max, 2011-12-30
@AloneCoder

To completely dispel misunderstanding and confusion about this, read Wikipedia about asymmetric encryption

Report
S
sht0rm13, 2011-12-31
@sht0rm13

Arenim, if it is very simple to explain the principle of asymmetric encryption -
you generate a key-lock pair.
You always keep the key secret with you.
Distribute "Castles" to anyone you want. With the help of these "locks" and "closed / encrypted" all the information sent to you.
You can only open it with your "key".

Report
T
trueblacker, 2012-07-08
@trueblacker

the main thing has already been answered to you, I will only add that your paranoia is not completely unfounded.
The fact is that with the so-called. RSA algorithm (do you have an RSA certificate?), the decryption operation is equivalent to the signature generation operation. An attack that exploits this fact is quite sophisticated, but not impossible. Its essence is that a specially formed “encrypted” letter is sent to you, when you try to decrypt it, you actually produce a signature under some hash value. If you manage to “steal” the result of this decryption from you (even without access to your keys!), it will be possible to generate a signed document on your behalf, using the text, the hash of which was “slipped” to you.
In general, if the level of paranoia is above average, you should not use the same certificate for encryption and EDS. Also, it is worth checking the absence of NonRepudiation in the encryption certificate.

Similar questions
M
Messi2017-04-14 21:47:35
Real ways to determine the address by IP? 4Reply
S
Sqqq2021-04-01 10:13:51
What can a person connected to my Wi-Fi find out? 1Reply
F
Finger Gross2017-04-20 02:56:31
What are the analogues of iptables or ipfw for Mac OS? 1Reply
A
Alexander2019-09-21 10:16:51
What to use instead of http basic auth? 1Reply
P
Peter2017-04-21 10:18:48
Is it possible to read xml file from different domains/directories? 5Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question