Let’s examine three Asymmetric Cryptography scenarios in order to gain a clear understanding of what nonrepudiation is.
Scenario 1: Alice encrypts a message with Bob's public key, so only Bob can decrypt it. Confidentiality is fulfilled, but how do we ensure that the mail originated from Alice? In other words, how do we prove non-repudiation (proof of origin, that is, non-repudiation of the sender, Alice)?
Scenario 2: Alice instead encrypts the message with her own private key and sends it to Bob, and Bob decrypts the message with Alice's public key. Non-repudiation is ensured, but where is the confidentiality? Someone in the middle on the same medium could capture the message and easily decrypt it with Alice's public key.
Scenario 3: To ensure both confidentiality and non-repudiation, do scenario 1 and scenario 2 together, and that's it. How? Here we go…!! Alice encrypts the message using her private key and then Bob's public key. Once Bob receives it, he decrypts it using his own private key and then Alice's public key. Thus both confidentiality and non-repudiation are ensured.
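The three scenarios above as an added example (not from the original post), written with textbook RSA without padding so that "encrypting with the private key" is literally the private-key operation a digital signature performs. The keys, function names and message are constructed for illustration; the code also shows a detail the text skips: Alice's modulus must not exceed Bob's, or Bob cannot recover the inner value.

```python
# Added illustration: textbook RSA (no padding, constructed keys) that mirrors
# the three scenarios. Real systems use padded signatures and encryption.
E = 65537

def make_key(p, q):
    """Return a private key (n, e, d); its first two items are the public key."""
    return p * q, E, pow(E, -1, (p - 1) * (q - 1))

# Constructed keys built from known Mersenne primes (assumption of this example).
ALICE = make_key(2**61 - 1, 2**89 - 1)
BOB = make_key(2**107 - 1, 2**127 - 1)
ALICE_PUB, BOB_PUB = ALICE[:2], BOB[:2]

def to_int(msg):
    return int.from_bytes(msg, "big")

def to_bytes(x):
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def scenario1_send(msg, recipient_pub):
    """Confidential only: anyone holding Bob's public key could have produced this."""
    n, e = recipient_pub
    return pow(to_int(msg), e, n)

def scenario2_send(msg, sender):
    """Origin only: anyone holding Alice's public key can undo this."""
    n, _, d = sender
    return pow(to_int(msg), d, n)

def scenario3_send(msg, sender, recipient_pub):
    """Sender's private key first, then the recipient's public key."""
    if to_int(msg) >= sender[0] or sender[0] > recipient_pub[0]:
        raise ValueError("value would not fit under the next modulus")
    return pow(scenario2_send(msg, sender), recipient_pub[1], recipient_pub[0])

def scenario3_receive(ct, recipient, sender_pub):
    """Recipient's private key first, then the sender's public key."""
    n, _, d = recipient
    inner = pow(ct, d, n)
    return to_bytes(pow(inner, sender_pub[1], sender_pub[0]))

if __name__ == "__main__":
    wire = scenario3_send(b"pay Bob 10", ALICE, BOB_PUB)
    print(scenario3_receive(wire, BOB, ALICE_PUB))
```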
Let us also examine the session key, or secure session, as these subjects are intertwined. In this case we use both symmetric and asymmetric cryptography. Here we go…!!
Alice wants to use symmetric encryption to send Bob a confidential message. She needs to get the symmetric key to Bob securely; she will use Bob’s public asymmetric key to encrypt the symmetric key and send it along with the encrypted message. Bob will use his private key to decrypt the symmetric key and use the symmetric key to decrypt the message.
Hopefully, you now have a clear understanding of what nonrepudiation is and why it is important to security. The session key is just a value-add subject. Please feel free to reach out to me with any feedback. Thank you.