An investment advisor e-mails periodic newsletters to clients and wants reasonable assurance that
no one has modified the newsletter. This objective can be achieved by:
encrypting the hash of the newsletter using the advisor’s private key.
encrypting the hash of the newsletter using the advisor’s public key.
digitally signing the document using the advisor’s private key.
encrypting the newsletter using the advisor’s private key.
There is no attempt on the part of the investment advisor to prove their identity or to keep the
newsletter confidential. The objective is to assure the receivers that it came to them without any
modification, i.e., it has message integrity. Choice Ais correct because the hash is encrypted using
the advisor’s private key. The recipients can open the newsletter, recompute the hash and decrypt
the received hash using the advisor’s public key. If the two hashes are equal, the newsletter was
not modified in transit. Choice B is not feasible, for no one other than the investment advisor can
open it. Choice C addresses sender authentication but not message integrity. Choice D addresses
confidentiality, but not message integrity, because anyone can obtain the investment advisor’s
public key, decrypt the newsletter, modify it and send it to others. The interceptor will not be able
to use the advisor’s private key, because they do not have it. Anything encrypted using the
interceptor’s privatekey can be decrypted by the receiver only by using their public key.