Q1) what is the difference between the sender and the holder of the digital certificate? How to consider that a digital certificate is valid? How can one obtain a digital certificate for one public key without disclosing the private key?
Q2) Describe the relationship between the incident response and the forensic analysis.
Answer: A Digital Certificate is a certificate that is issued by a third party Certificate Authority (CA). The CA is verify the identity of the certificate owner. A digital certificate contains the certificate owner name, a serial number, date which displays the certificates valid from and expires date, a copy of certificate owner’s public key and the digital certificates of Certificate Authority (CA).
A certificate is digitally signed by a root certificate from a trusted CA. A Trusted CA root certificates are listed on Operations systems and browsers, so that they can easily verify that certificate which is issued and signed by CAs.Once a website is signed with a Digital Certificate, it indicates the business/website/sign-person is legitimate and verified by the Certificate Authority.
And a sender is a person who is sending message to a website or service. In a way a sender is end User/consumer person who wants to use the service.
- digital certificate is valid: A digital certificate is usually valid for a period of 1 or 2 years from the date of its download into token. A subscriber should be well aware of its certificate validity to that he can renew his certificate on time before the validity expires and to avoid probable business loss due to expired certificate.
ProxKey Token has unique expiry notification which brings to the subscriber knowledge, how much validity is balance for the certificate. These notifications will start 1 month prior to expiry of the certificate. To ensure that the token management utility given proper notification , the system date and time should be correct.
Check certificate details - The Certificate Details dialog box displays certificate information such as the signer’s name in the Signing as box, and who issued the certificate.
Open the file that contains the certificate you want to view.
Click File > Info > View Signatures.
In the list, on a signature name, click the down-arrow, and then click Signature Details.
In the Signature Details dialog box, click View.
- How can one obtain a digital certificate for one public key without disclosing the private key:
you don't need to publish the private key at all - RSA is a trapdoor permutation which means:
Thus, RSA supports doing both signing and encryption relying on the end user having only the public key.
In your case, if the client wishes to verify data came from the server, you apply the second case of RSA and decrypt the signature data using the public key you already have.
Furthermore, because it is a permutation, you shouldn't need to modify your code at all. Both keys should work using the same function. I would expect any decent crypto library would have APIs for verifying signatures according to the varying standards that exist - one of these would probably be a good bet.
RSA Labs provide a nice explanation of this.
If you want to extend this between servers, or verify client communication - generate keys for each entity and swap the public ones. The process can then be used at both ends.
Theoretically speaking, e and d are interchangeable (which is why RSA works)(one must be designated secret and kept secret) but p and q must always be kept secret as these allow you to derive d from e and vice versa. However, you need to be extremely careful in your understanding of the private key - does your software store p/q in the private key? If so, you can't publish it as is. Also, when I say interchangeable - once you publish one of that pair (e or d along with your modulus n) you must guard the other with your life. Practically speaking as Graeme linked to in the comments e is often chosed as a small/fixed value. My comment on e/d being interchangeable clearly does not apply when e is easily determined. Doing this sort of thing therefore has the potential for confusion and mis-implementation. Use a third-party library/don't start publishing private keys.
Answer 2:
Incident response and forensic analysis are related disciplines that can leverage similar tools and related data sets but also have some important differences. There are four particularly important distinctions between incident response and forensic analysis:
The difference in the goals of incident response and forensic analysis is perhaps the most important. Incident response is focused on determining a quick (i.e., near real time) reaction to an immediate threat or issue. For example, a house is on fire and the firemen that show up to put that fire out are involved in incident response. Forensic analysis is typically performed as part of a scheduled compliance, legal discovery, or law enforcement investigation. For example, a fire investigator might examine the remains of that house fire to determine the total damage to the house, the cause of the fire, and whether the root cause was such that other houses are also at risk. In other words, incident response is focused on containment of a threat or issue, while forensic analysis is focused on a full understanding and thorough remediation of a breach.
A second major distinction between the disciplines is the data resources required to achieve the goals. Incident response teams typically only require short-term data sources, often no more than a month or so, while forensic analysis teams typically require much longer lived logs and files. Keep in mind that the average dwell time of a successful attack is somewhere between 150 and 300 days.
While there is commonality in the personnel skills of incident response and forensic analysis teams, and in fact incident response is often considered a subset of the border forensic discipline, there are important distinctions in job requirements. Both types of research require strong log analysis and malware analysis capabilities. Incident response requires the ability to quickly isolate an infected device and to develop means to remediate or quarantine the device. Interactions tend to be with other security and operations team members. Forensic analysis typically requires interactions with a much broader set of departments, including operations, legal, HR, and compliance.
Not surprisingly, the perceived benefits of these activities also differ.
The ability to eliminate a threat on one machine in near real time is a major determinate in keeping breaches isolated and limited in impact. Incident response, and proactive threat hunting, is first line of defense in security operations. Forensic analysis is incident responses’ less glamorous relative. However, the benefits of this work are undeniable. A thorough forensic investigation allows the remediation of all threats with the careful analysis of an entire attack chain of events. And that is no laughing matter.
Q1) what is the difference between the sender and the holder of the digital certificate? How to c...
Q1) what is the difference between the sender and the holder of the digital certificate? How to consider that a digital certificate is valid? How can one obtain a digital certificate for one public key without disclosing the private key? Q2) Describe the relationship between the incident response and the forensic analysis.
Consider the following scenario: Alice receives a message, a digital signature and a certificate from Bob. In order to verify the signature, Alice does the following: Hashes the received message using the same hash algorithm that Bob used, that's your calculated hash Decrypts the signature using the public key contained in the certificate, that your decrypted hash Compares the calculated hash and the decrypted hash Because the 2 hashes are identical, Alice goes on and: Checks the validity period on...
Q1: Describe the difference between the equality operator (==) and the identity operator (===). Use if statements to demonstrate your understanding. Q2: How can you tell the difference between the number 3 and the string 3 in variable assignment? All the questions from basic JavaScript. Thanks!
Q1: What is the difference between common stock and preferred stock? Q2: How is corporate income double-taxed?
Fluids
Q1- What is the difference between precision and accuracy? Can a measurement be very precise but inaccurate? Explain. Q2- What is specific gravity? How is it related to density? What is cavitation? What causes it? Q3- For the setup shown in Figure, what is the the pressure P^ if the specific gravity of oil is 0.82? Open 4m 320 mm
Q1- What is the difference between turbo fan and turbo jet. Q2- What is Sodium Mercury potassium plant? Q3- What is Thermo Ioinic Plant? Q4- Compare between induced, natural, forced and balanced draught? Q5- How can we express the condenser performance? Please Answer all of these questions. please write them in text form don't write on a paper and take picture
What is the key difference between financial statement analysis and operating indicator analysis? How are these types of analyses useful to healthcare managers and investors? Consider a healthcare organization with which you are familiar and discuss what are some of the problems or challenges inherent in financial statement analysis?
In this discussion, reflect upon and discuss BOTH of the following questions: · Q1: At what age would you consider a person to be an adult? Explain your reasoning. Are there specific milestones that need to be accomplished during this stage? · Q2: How important do you think the accomplishment of intimacy vs. isolation is? Can a person lead a happy life without finding a significant other? Explain using examples from your life supported by information from the reading. Write...
1) What is the difference between non-pathogen, pathogen and opportunistic pathogen? 2)How does HIV affect the immune system? 3)Describe how B-cells and T-cells get activated in the adaptive immune response. 4)Describe how the immune cells can distinguish from self and non-self.
i. What is the difference between sample and population? ii. What is the difference between statistic and parameter? iii. What is the difference between descriptive statistics and statistical inference? iv. Categorical random variable contrast with numerical random variable. v. Compare discrete data from continuous data. saw. Detail the difference between nominal and ordinal scale. vii. Detail the difference between interval and ratio scale. viii. Explain the main reasons for obtaining data. ix. What is the difference between probabilistic and non-probabilistic...