Forging votes: how to get the public keys?

Posted Nov 18, 2017 21:19 UTC (Sat) by JanC_ (guest, #34940)
In reply to: Forging votes: how to get the public keys? by giraffedata
Parent article: ROCA: Return Of the Coppersmith Attack

All relevant information is in the certificate, which is signed by a government CA?

Forging votes: how to get the public keys?

Posted Nov 19, 2017 18:53 UTC (Sun) by jem (subscriber, #24231) [Link] (2 responses)

"Public keys" and "certificates" are essentially the same for this discussion. The certificate contains the public key together with personal information linking the public key with the identity of the key holder.

I guess the question boils down to: If every transaction involving a signature performed with a private key also conveys the corresponding certificate, what is the public registry containing the certificates of the whole population of a nation needed for?

If you have all the CA certificates up to a trust point, then you can verify that the certificate is valid and belongs to the subject. The registry does not provide any additional information.

Forging votes: how to get the public keys?

Posted Nov 20, 2017 17:17 UTC (Mon) by ScottMinster (subscriber, #67541) [Link] (1 responses)

If I want to encrypt something to send to you, I might not yet have your public key (maybe we haven't met, or I otherwise don't have an copy of your public key). A public database is useful for that scenario.

Forging votes: how to get the public keys?

Posted Nov 20, 2017 20:04 UTC (Mon) by jem (subscriber, #24231) [Link]

Fair enough, even if this is not the main use for electronic ID cards.