Student Forums: CIA Part 3, Business Knowledge for Internal Auditors, Section I: Business Acumen

41. Question ID: HOCK IT 004 (Topic: C. Information Security Controls)

  • This topic has 1 reply, 2 voices, and was last updated 1 year ago by Kevin Hock.
    Armindo Comar
    Participant

    Hi all,

    Can anyone help me understand “public and private key” in encryption? I found a Google example of the post office where the sender uses the receiver’s address (public) and the receiver opens the mail with a private box (private key), but I still get confused in some other scenarios.

    Samantha wants to send a document to Mohammed using a digital signature so that Mohammed will know with near-certainty that the document really did come from Samantha. Which of the following scenarios would describe the process of sending the document with a digital signature?

    A. Samantha encrypts the document with her private key and Mohammed decrypts the document with her public key.
    B. Samantha encrypts the document with Mohammed’s public key and Mohammed decrypts the document with his private key.
    C. Samantha encrypts the document with her public key and Mohammed decrypts the document with her private key.
    D. Samantha encrypts the document with her public key and Mohammed decrypts the document with his private key.

    Kevin Hock
    Participant

    Armindo,

    Public and private key encryption boils down to one concept: Each key can only decrypt what the other key encrypts. So, if something is encrypted with the public key, it can ONLY be decrypted with the private key. If it is encrypted with the private key, it can ONLY be decrypted with the public key.

    The keys are named such that you know what each one is. The public one is freely sharable. You give it to anyone. The private key you keep private.

    So, keeping in mind that the private key must remain private and the public key is available to absolutely anyone, there are only two useful scenarios:

    1) You encrypt data with the public key so that only the person who holds the private key can read it.

    2) You encrypt data with the private key so that anyone in the public can verify the source because the public key will decrypt it.

    In the question you listed, we are using scenario 2.

    A. Is correct. This is scenario 2.

    B. This is scenario 1. Mohammed would be the only person who could read the data, but there is no proof it came from Samantha.

    C. This is nonsense; Mohammed would not have Samantha’s private key.

    D. This is also nonsense. The private-public key pairs must match. So using one of Samantha’s keys with one of Mohammed’s keys would not work.

    Does this explanation help? Any lingering doubts after reading this explanation?

    Kevin
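The two scenarios in Kevin's reply, as an added toy example that is not part of the forum thread: textbook RSA with tiny constructed primes (insecure, for illustration only), where scenario 2 signs with Samantha's private key and anyone verifies with her public key, and scenario 1 encrypts with Mohammed's public key so only his private key decrypts. As real signature schemes do, it signs a hash of the document rather than the document itself; the names, primes and document text are all constructed.

```python
# Added toy example (textbook RSA with tiny primes). NOT secure; it only
# illustrates "each key undoes what the other key does" from the reply above.
import hashlib

def make_keypair(p, q, e=17):
    """Build (public, private) keys from two primes; each key is (exponent, modulus)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)

def digest(document: bytes, n: int) -> int:
    """Hash the document and reduce it so it fits under the modulus (toy only)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

# Scenario 2 / option A: sender uses HER private key; anyone checks with her public key.
def sign(priv, document: bytes) -> int:
    d, n = priv
    return pow(digest(document, n), d, n)

def verify(pub, document: bytes, signature: int) -> bool:
    e, n = pub
    return pow(signature, e, n) == digest(document, n)

# Scenario 1 / option B: sender uses the RECEIVER's public key; only he can decrypt.
def encrypt_to(pub, document: bytes) -> list:
    e, n = pub
    return [pow(byte, e, n) for byte in document]   # byte-at-a-time, toy only

def decrypt_with(priv, blocks: list) -> bytes:
    d, n = priv
    return bytes(pow(c, d, n) for c in blocks)

def demo():
    samantha_pub, samantha_priv = make_keypair(61, 53)        # constructed tiny primes
    mohammed_pub, mohammed_priv = make_keypair(101, 113, e=3)  # constructed tiny primes
    doc = b"Q3 audit report"                                   # constructed document

    sig = sign(samantha_priv, doc)
    return {
        "A_verifies": verify(samantha_pub, doc, sig),             # genuine signature
        "tampered": verify(samantha_pub, doc + b"!", sig),        # altered document
        "D_wrong_key": verify(mohammed_pub, doc, sig),            # option D: mismatched pair
        "B_roundtrip": decrypt_with(mohammed_priv, encrypt_to(mohammed_pub, doc)) == doc,
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```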
