RE: Opening PKI encrypted with Public Key outside your Escrow Authority.

From: Adrian Floarea (adrian.floarea@uti.ro)
Date: Mon Mar 06 2006 - 14:37:11 EST


Hi Sean,

I'm not sure I understand your case very well, but I have some
remarks. If I understand correctly, the hypotheses are:

1. Acme company has a PK infrastructure with escrowed private key
2. User Beta has a PK infrastructure

In these circumstances, the answer to your question is simple:

No, you cannot decrypt the message. After you encrypt the message, only a
person who has the private key (in this case User Beta) can decrypt the
message. You, theoretically, don't have access to this key, so you cannot
decrypt the message.

Regards,

Adrian Floarea, CISA
Information Security Department
IT&C Division, UTI Systems SA
Bucharest, Romania
Email: adrian.floarea@uti.ro

-----Original Message-----
From: Benson, Sean M [mailto:BensonS@state.gov]
Sent: Monday, March 06, 2006 7:59 PM
To: pen-test@securityfocus.com
Subject: Opening PKI encrypted with Public Key outside your Escrow
Authority.

I have a Question maybe someone can explain to me.

Say company Acme has a PKI structure.
Company/User Beta also has PKI or is using PKI software

It allows S/MIME and Proprietary Keys to be imported into an AcmeUser's
keyrings/address books.

If User@Acme.com uses the key from AnotherUser@Acme.com I as the Key Escrow
CA can open/un-encrypt/read the mail using the Escrowed Private keys.

But If User@Acme.com uses the Public Key from User@Beta.com to encrypt.
Can I open this message using only the Keys I have Escrowed?

Ie.. Only AcmeUser's Public/private pair?

Or is it encrypted with the Public key of UserBeta and I am SOL?

It's a discussion and I think I'm right, but I'm having a hard time tracking
down facts online about this.

Which makes me think either it's so easy to open it that it's just a
given,
or It's impossible and so blatant that it's a given.
or I'm an ass who skipped some whitepapers I should have read.

 
btw: I believe you're SOL without that other key, as it's encrypted with it. Am
I right?
Sbenson

DRM:
"In other words, embarrass and shackle the progress of improvements of
tomorrow by recording and registering as law the prejudices and errors of
today". - Isambard Kingdom Brunel
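The point both messages make, shown as an added example that is not part of this thread: the code below is a stripped-down model of the CMS EnvelopedData structure that S/MIME uses (one symmetric content-encryption key for the body, wrapped once per recipient under that recipient's public key), written in Go against the standard library only. The labels user@acme.com and user@beta.com, the key sizes and the sample body are made up for the demonstration. The escrowed Acme private key fails to open a message whose only wrapped key copy was made for Beta's public key, and succeeds only when the sender's client also wrapped the key for the sender's own certificate, which many S/MIME clients do so that the sender's own copy of the message stays readable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// RecipientInfo plays the role of a CMS RecipientInfo: the content-encryption
// key (CEK) wrapped under one recipient's public key with RSA-OAEP.
type RecipientInfo struct {
	ID           string // hypothetical label, e.g. "user@beta.com"
	EncryptedCEK []byte
}

// Envelope is a stripped-down EnvelopedData: the body encrypted once under a
// random CEK, plus one wrapped copy of that CEK per listed recipient.
type Envelope struct {
	Nonce, Ciphertext []byte
	Recipients        []RecipientInfo
}

// Recipient is an address-book entry: a label and an imported public key.
type Recipient struct {
	ID  string
	Pub *rsa.PublicKey
}

// NewUserKey generates a user's key pair (2048-bit RSA, chosen for the demo).
func NewUserKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals msg with AES-256-GCM under a fresh CEK and wraps that CEK
// separately for every recipient the sender's client lists.
func Encrypt(msg []byte, recipients []Recipient) (*Envelope, error) {
	cek := make([]byte, 32)
	if _, err := rand.Read(cek); err != nil {
		return nil, err
	}
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, msg, nil)}
	for _, r := range recipients {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, r.Pub, cek, nil)
		if err != nil {
			return nil, err
		}
		env.Recipients = append(env.Recipients, RecipientInfo{r.ID, wrapped})
	}
	return env, nil
}

// Decrypt opens the envelope with one identity's private key. It succeeds only
// if the CEK was wrapped under the matching public key; any other key fails the
// OAEP integrity check, and an identity with no wrapped copy has nothing to unwrap.
func Decrypt(env *Envelope, id string, priv *rsa.PrivateKey) ([]byte, error) {
	for _, ri := range env.Recipients {
		if ri.ID != id {
			continue
		}
		cek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ri.EncryptedCEK, nil)
		if err != nil {
			return nil, err
		}
		gcm, err := newGCM(cek)
		if err != nil {
			return nil, err
		}
		return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	}
	return nil, fmt.Errorf("no RecipientInfo for %q: message was not encrypted to it", id)
}

// EscrowCanRead is the thread's question for one envelope: can the escrow
// authority, holding only the escrowed Acme private key, read it?
func EscrowCanRead(env *Envelope, escrowedID string, escrowed *rsa.PrivateKey) bool {
	_, err := Decrypt(env, escrowedID, escrowed)
	return err == nil
}

func main() {
	acme, _ := NewUserKey() // escrowed by the Acme CA
	beta, _ := NewUserKey() // never leaves Beta
	msg := []byte("constructed sample body")
	betaOnly := []Recipient{{"user@beta.com", &beta.PublicKey}}
	withSelf := append(betaOnly, Recipient{"user@acme.com", &acme.PublicKey})
	env1, _ := Encrypt(msg, betaOnly)
	env2, _ := Encrypt(msg, withSelf)
	fmt.Println("escrow reads Beta-only message:   ", EscrowCanRead(env1, "user@acme.com", acme)) // false
	fmt.Println("escrow reads encrypt-to-self copy:", EscrowCanRead(env2, "user@acme.com", acme)) // true
}
```

The check an escrow authority actually has to make is therefore not "do I hold an Acme key" but "does this message carry a RecipientInfo for an Acme certificate": with a Beta-only recipient list the escrowed key unwraps nothing, and forcing it against Beta's wrapped copy fails the OAEP check rather than yielding plaintext.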



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:37 EDT