My small brain does not understand certification...

Techmeister daniel_page@yahoo.fr
Wed Jun 27 23:10:02 2001


Hi,

Imagine that I have killerapp.exe v1.0 and I create a digital signature with GnuPG. Fine, no-one can modify the file without the cert being invalidated, but Carl Cracker adds a virus to my program, and creates his certificate, and distributes killerapp.exe, Virus Edition.

A user checks the file against the certificate, and everything is OK, as the certificate corresponds to the file.

How would the user be able to know that killerapp.exe has been modified by a cracker and is not the original file or certificate? Would the user have to check the certificate against my public key? (as they know that the file should have come from me) Or is the use of certificates different?

All help very much appreciated!

Cordially,

Daniel Page
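
The scenario in this message, as an added example that is not part of the original post: a valid signature only shows which key signed the file, so the verifier also has to compare that key's fingerprint with the one obtained from the author in advance. The code uses a Lamport one-time hash-based signature built from the Python standard library as a stand-in for GnuPG; every function name and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def _h(b):
    return hashlib.sha256(b).digest()

def _bits(data):
    # The 256 bits of the file's digest select which secret of each pair is revealed
    d = int.from_bytes(_h(data), "big")
    return [(d >> i) & 1 for i in range(256)]

def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def sign(sk, data):
    # Lamport keys are one-time: a key must never sign a second message
    return [sk[i][bit] for i, bit in enumerate(_bits(data))]

def verify(pk, data, sig):
    return len(sig) == 256 and all(
        _h(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, _bits(data))))

def fingerprint(pk):
    return hashlib.sha256(b"".join(a + b for a, b in pk)).hexdigest()

def check_release(data, sig, pk, trusted_fpr):
    # Step 1: does the signature match the file under the key that came with it?
    if not verify(pk, data, sig):
        return "bad signature"
    # Step 2: is that key the one the user already trusts as the author's?
    if not hmac.compare_digest(fingerprint(pk), trusted_fpr):
        return "untrusted key"
    return "ok"

def scenario():
    author_sk, author_pk = keygen()
    trusted_fpr = fingerprint(author_pk)  # assumed: obtained from the author out of band
    original = b"killerapp.exe v1.0 (constructed sample bytes)"
    author_sig = sign(author_sk, original)
    # Carl's copy: modified file, his own key pair, his own signature over it
    carl_sk, carl_pk = keygen()
    modified = original + b" + extra code"
    carl_sig = sign(carl_sk, modified)
    return [check_release(original, author_sig, author_pk, trusted_fpr),  # genuine release
            check_release(modified, author_sig, author_pk, trusted_fpr),  # tampered, old signature
            check_release(modified, carl_sig, carl_pk, trusted_fpr)]      # re-signed by Carl
```

The third case is the one described in the message: the signature itself verifies against the key shipped with the file, and only the fingerprint comparison rejects it.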
