Global Sales Contact List

Contact   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

RSA Laboratories

4.1.3.9 How do I find someone else's public key?

Suppose Alice wants to find Bob's public key. There are several possible ways of doing this. She could call him up and ask him to send his public key via e-mail. She could request it via e-mail, exchange it in person, as well as many other ways. Since the public key is public knowledge, there is no need to encrypt it while transferring it, though one should verify the authenticity of a public key. A mischievous third party could intercept the transmission, replace Bob's key with his or her own and thereby be able intercept and decrypt messages that are sent from Alice to Bob and encrypted using the ``fake'' public key. For this reason one should personally verify the key (for example, this can be done by computing a hash of the key and verifying it with Bob over the phone) or rely on certifying authorities (see Question 4.1.3.12 for more information on certifying authorities). Certifying authorities may provide directory services; if Bob works for company Z, Alice could look in the directory kept by Z's certifying authority.

Today, full-fledged directories are emerging, serving as on-line white or yellow pages. Along with ITU-T X.509 standards (see Question 5.3.2), most directories contain certificates as well as public keys; the presence of certificates lower the directories' security needs.


Top of the page

Notes:
Connect with EMCConnect with EMC
Need help immediately? EMC Sales Specialists are standing by to answer your questions real time.
Use Live Chat for fast, direct access to EMC Customer Service Professionals to resolve your support questions.
Explore and compare EMC products in the EMC Store, and get a price quote from EMC or an EMC partner.
We're here to help. Send us your sales inquiry and an EMC Sales Specialist will get back to you within one business day.
Want to talk? Call us to speak with an EMC Sales Specialist live.