Technically, digital signature refers to the ciphertext that comes from the hash value of the plaintext encrypted by an asymmetric cipher using the private key. Which of the following can not be achieved by digital signature? (Wentz QOTD)
A. Confidentiality
B. Data integrity
C. Authenticity
D. Nonrepudiation
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. Confidentiality.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
Digital signature ensures nonrepudiation, which entails the authenticity of the origin of data and data integrity. Even though a digital signature uses the private key to encrypt the hash value that enforces confidentiality in this regard, it’s not designed to protect the confidentiality of the plaintext or original messages.
Reference
從技術上講,數位簽章是指以私鑰透過非對稱式的加密器將明文的哈希值加密所產生的密文。 下列哪項不能通過數位簽章實現?(Wentz QOTD)
A. 機密性
B. 數據完整性
C. 真實性
D. 不可否認性