Your organization decides to implement digital signatures on its email system, based on public key infrastructure (PKI). Which of the following statements is not true about the initiative?
A. Certificate Authorities (CAs) are required
B. The email message is encrypted by the public key of the recipient
C. Both data integrity and sender identity can be assured
D. Only the digest of the email message is encrypted by the private key of the sender
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. The email message is encrypted by the public key of the recipient.
Certificate Authorities (CAs) are required because they are core components of the public key infrastructure (PKI).
It’s a misconception that an email message must be encrypted when it is signed. An email can be signed, encrypted, or both.
Typically, email messages are not directly encrypted by the public key of recipients. Instead, an encrypted email is protected by random secret keys and wrapped in a digital envelope, which encloses those random secret keys protected by the public key of recipients.
The digital signature ensures data integrity, source authenticity, and non-repudiation by encrypting the hash/digest (extracted from the message) using the sender’s private key. However, it does not encrypt the message itself. What is called “signing the message” is really an operation to “encrypt the hash/digest of the message.”
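The difference between signing and enveloping described above, as an added example that is not part of the original post. It assumes textbook RSA without padding, constructed toy keys built from Mersenne primes, and a toy XOR keystream in place of a real symmetric cipher; all function names are hypothetical and none of this is suitable for real mail.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys

def make_toy_key(p, q):
    """Build a textbook RSA key (n, d) from two primes. Demo only."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed toy keys (Mersenne primes): easy to write down, insecure in practice.
SENDER_N, SENDER_D = make_toy_key(2**521 - 1, 2**607 - 1)
RCPT_N, RCPT_D = make_toy_key(2**607 - 1, 2**1279 - 1)

def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """Only the digest is transformed with the sender's private key (option D)."""
    return pow(digest_int(message), SENDER_D, SENDER_N)

def verify(message: bytes, signature: int) -> bool:
    """Recover the digest with the sender's public key and compare (option C)."""
    return pow(signature, E, SENDER_N) == digest_int(message)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(message: bytes):
    """Digital envelope: a random secret key encrypts the body, and the
    recipient's public key wraps only that secret key."""
    key = secrets.token_bytes(32)
    return pow(int.from_bytes(key, "big"), E, RCPT_N), keystream_xor(key, message)

def open_envelope(wrapped_key: int, body: bytes) -> bytes:
    key = pow(wrapped_key, RCPT_D, RCPT_N).to_bytes(32, "big")
    return keystream_xor(key, body)

if __name__ == "__main__":
    mail = b"Quarterly report attached."       # constructed sample message
    sig = sign(mail)
    print("signed mail travels as:", mail)      # still readable: signing is not encryption
    print("verifies:", verify(mail, sig), "| tampered:", verify(mail + b"!", sig))
    wrapped, body = seal(mail)
    print("enveloped body:", body.hex()[:32], "... opens to:", open_envelope(wrapped, body))
```
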