Is there any technique so that if I encrypt data, the ciphertext would be genuin

Question

Is there any technique so that if I encrypt data, the ciphertext would be genuine and if someone else tries to encrypt the same data the ciphertext could be determined as fake or just invalid?

I want to create a network in which the user has to register to get a ciphertext (like a token) and only after getting a genuine ciphertext would they be allowed to communicate with other users in the network. The ciphertext would contain their identity.

However, if I simply use any simple encryption method, the user would be able to fake their identity by encrypting the data in the same format and method. I do not want to use a server/database to verify the identity. That is why I was thinking of ways to disallow fake ciphertexts.

If this is possible can you suggest a solution to achieve this? If not can you suggest an alternative?

Explanation / Answer

I think the solution to your problem is a digital signature as CodesInChaos pointed out. Here is how it would work:

When a user registers with your server they are given a token which will consist of (at a minimum) the user's id. The server also uses its private key to digitally sign the token (or more likely a hash of the token).

Now, say user1 and user2 have done this and now want to communicate. They each send their token and digital signature to the other user. They each take the token and signature that they received from the other user, and use the servers public key to verify that the signature was correct. If so they proceed to communicate.

There are some things you will want to think about before using this, however. You might want to kick people out of the network. That will require some additional work.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.