Points to remember
● Phishing: Phishing is acquiring critical data like login credentials through telephone, sms, e-mail or any social media by the crackers disguising as authentic.
● Authentication: Information of the entity sending the document is often included in the document, but the information may be inaccurate. A digital signature can be used to authenticate the source of a document.
● Integrity: In many scenarios, the sender and receiver of the document will require confidence that the document has not been tampered with during the transfer. If the document was digitally signed, any modification of the document will invalidate the signature.
● Non-repudiation: Repudiation refers to any act of relinquishing responsibility for a message. Non-repudiation ensures that the signer who digitally signed the document cannot deny having signed it. The digitally signed documents strengthen its recipient integrity claims. Therefore, the recipient can strongly insist on the signature of the sender so as not to be easily denied at a later time.
● The difference between a digital signature and digital certificate is that a digital certificate binds a digital signature to an entity; whereas a digital signature ensures that a data remain secure from the point it was sent. In other words: digital certificates are used to verify the trustworthiness of the sender, while digital signatures are used to verify the trustworthiness of the data being sent.
● The certificate authority maintains a database of public keys called repository so that it can verify the user with digital signatures. Expired certificates are usually deleted from the database by the certificate authority.
● Brute-force attacks is the simplest attack method for breaking any encryption; that is, trying all the possible keys one by one.