ZyXEL Communications 2WG User Manual

ZyWALL 2WG Support Notes

All contents copyright (c) 2006 ZyXEL Communications Corporation.

257

describe the rules governing the different uses of these certificates.

G09. How does a PKI ensure data confidentiality?

Users' public keys are published in an accessible directory. A person wishing to send an encrypted

message uses the recipient's public key to scramble the information in the message. Only the

recipient's private key can decrypt the message.

So, if Bob wants to send a confidential message to Alice, his PKI software finds Alice's public key in

the directory where it is published, and he uses it to encrypt his message. When Alice receives the

encrypted message, she uses her private key to decrypt it. Because Alice keeps her private key secret,

Bob can be assured that, even if his message were to be intercepted, only Alice can read it.

G10. What is a digital signature?

Not to be confused with a digitized signature (a scan of a hand-written signature), a digital signature

can be used with either encrypted or unencrypted messages to confirm the sender's identity and ensure

the recipient that the message content has not been changed in transmission. Digital signatures

incorporate the characteristics of hand-written signatures in that they can only be generated by the

signer, are verifiable, and cannot easily be imitated or repudiated.

G11. How does a digital signature work?

Suppose that the famous Bob and Alice wish to correspond electronically. Bob wants to assure Alice

that he originated the electronic message, and that its contents have not been tampered with. He does

so by signing the message with a digital signature.