There is, of course, a problem with the scheme above. Since the public keys are really public, anyone can ``forge'' a message to you. So your enemy can pretend to be your friend and send you a message just like your friend can--they both have access to the public key. Your enemy's information can completely mislead you. So how can you be certain that a message that says it is from your friend is really from your friend?
Here is one way to do it, assuming that you both have the public
and private keys
,
,
, and
as discussed in
the previous section. Suppose I wish to send my friend a message
that only he can read, but in such a way that he is certain that
the message is from me. Here's how to do it.
I will take my name, and pretend that it is an encoded message,
and decode it using
. I am the only person who can do this,
since I am the only person who knows
. Then I include that
text in the real message I wish to send, and I encode the whole
mess using
, which only my friend knows how to decode.
When he receives it, he will decode it using
, and he will
have a message with an additional piece of what looks to him
like junk characters. The junk characters are what I got by
``decoding'' my name. So he simply encodes the junk using my
public key
and makes certain that it is my name. Since
I am the only one who knows how to make text that will encode to
my name, he knows the message is from me.
You can use any text for certification, and in fact you should change it with each message, which is easy to do. Your message to your friend would look like this:
``Attack at dawn. Here is my decoding of 'ABCDEFG': 'JDLEODK'.''
To assure privacy, for each message, change the ``ABCDEFG'' and the corresponding ``JDLEODK''.
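The whole exchange above, carried out in code, as an added example that is not part of the original text: the sender "decodes" the certification text with his own private key to get the junk, bundles message, certification text and junk, encodes everything with the friend's public key, and the friend decodes it and checks that the junk encodes back to the certification text under the sender's public key. It assumes textbook RSA on tiny constructed primes, one character per block, and Python 3.8+ (for `pow(e, -1, phi)`); the key values, the packet layout and the names `send`/`receive` are this example's own choices, not the page's.

```python
"""Toy demonstration of 'decode with my private key, then encode everything with my
friend's public key'. Constructed example with textbook RSA on tiny primes: no padding,
no hashing, one character per block. It illustrates the scheme, it is not secure RSA."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int


def make_keys(p: int, q: int, e: int) -> Tuple[PublicKey, PrivateKey]:
    """Textbook RSA key pair from two distinct primes (toy sizes only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse; raises ValueError if gcd(e, phi) != 1
    return PublicKey(n, e), PrivateKey(n, d)


def encode(block: int, pub: PublicKey) -> int:
    """'Encode' with a public key: anyone who has the key can do this."""
    if not 0 <= block < pub.n:
        raise ValueError("block does not fit the modulus")
    return pow(block, pub.e, pub.n)


def decode(block: int, priv: PrivateKey) -> int:
    """'Decode' with a private key: only the key holder can do this."""
    return pow(block, priv.d, priv.n)


def send(text: str, certification: str, my_priv: PrivateKey,
         friend_pub: PublicKey) -> List[int]:
    """Build the encoded message. Packet layout (constructed for this example):
    [len(text)] + text chars + [len(certification)] + certification chars + junk."""
    # Step 1: pretend the certification text is ciphertext and "decode" it with my
    # private key. Only I can produce these junk values.
    junk = [decode(ord(c), my_priv) for c in certification]
    # Step 2: bundle the real message, the certification text and the junk.
    packet = ([len(text)] + [ord(c) for c in text]
              + [len(certification)] + [ord(c) for c in certification] + junk)
    # Step 3: encode every block with my friend's public key, so only he can read it.
    return [encode(b, friend_pub) for b in packet]


def receive(wire: List[int], my_priv: PrivateKey,
            friend_pub: PublicKey) -> Tuple[str, str, bool]:
    """Decode the packet with my private key, then check the junk against the
    certification text using the claimed sender's public key."""
    blocks = [decode(c, my_priv) for c in wire]
    i = 0
    text_len = blocks[i]; i += 1
    text = "".join(chr(b) for b in blocks[i:i + text_len]); i += text_len
    cert_len = blocks[i]; i += 1
    cert = "".join(chr(b) for b in blocks[i:i + cert_len]); i += cert_len
    junk = blocks[i:i + cert_len]; i += cert_len
    if len(text) != text_len or len(junk) != cert_len or i != len(blocks):
        raise ValueError("malformed packet")

    def checks_out(j: int, c: str) -> bool:
        # Junk that does not even fit the sender's modulus cannot be his.
        return j < friend_pub.n and encode(j, friend_pub) == ord(c)

    authentic = all(checks_out(j, c) for j, c in zip(junk, cert))
    return text, cert, authentic


if __name__ == "__main__":
    me_pub, me_priv = make_keys(61, 53, 17)        # constructed toy keys
    friend_pub, friend_priv = make_keys(89, 97, 5)  # friend's modulus is the larger one
    wire = send("Attack at dawn.", "ABCDEFG", me_priv, friend_pub)
    print(receive(wire, friend_priv, me_pub))
    # An enemy has both public keys but only his own private key:
    enemy_pub, enemy_priv = make_keys(11, 13, 7)
    forged = send("Retreat at noon.", "ABCDEFG", enemy_priv, friend_pub)
    print(receive(forged, friend_priv, me_pub))  # message readable, but not authentic
```

The friend's modulus is chosen larger than the sender's so that every junk value fits in one block of the second encoding; in real use one signs a hash of the entire message with proper padding rather than individual characters, but the check the friend performs is the same idea.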