Question

Consider the following scenario:

Alice receives a message, a digital signature and a certificate from Bob. In order to verify the signature, Alice does the following:

Hashes the received message using the same hash algorithm that Bob used, that's your calculated hash

Decrypts the signature using the public key contained in the certificate, that your decrypted hash

Compares the calculated hash and the decrypted hash

Because the 2 hashes are identical, Alice goes on and:

Checks the validity period on the certificate

Because the certificate is still valid according to its validity period, Alice goes on and identifies the issuer of the certificate.

She looks for a certificate for the issuer on the Internet and finds one on a forum page.

She uses the issuer's certificate to verify the signature on Bob's certificate.

Because the signature is valid, Alice concludes that the message was indeed written by Bob and that the message was not tampered with during its transit over the network.

What do you think about Alice's conclusion? Did she miss any step into the verification? Please include in your response any assumption that you have used.

Answer 1

in this scenario the alice can conclude that it was the message sent from the bob only not from any other third party people because alice follows all the steps in order to identify the validity of the sender by using certifications.