Let's say I want to prove to someone that a webpage claims X. I could take a screenshot, but it could easily be doctored. However, the webpage's contents are encrypted by the domain using its private key. Is there a way to use the encrypted message to prove to someone that I haven't modified it?

I think this is possible if I generate a temporary private key and use it in the connection, then present it along with the encrypted text. Then, anyone can decrypt the message using my temporary private key, and since I can't encrypt a message without the domain's private key, they can be confident it's authentic.

Is there a way to do this without presenting my private key?

Joel
  • 5
    ".... the webpage's contents are encrypted by the domain using its private key." - No. It is encrypted using symmetric encryption, where both client and server know the key. Thus the client can easily make up something which looks like it was encrypted by the server. – Steffen Ullrich Oct 05 '21 at 18:49
  • 3
    No one can encrypt with a private key at all; a server could sign, which some ill-informed people wrongly call encrypting with a private key, but HTTPS doesn't sign. Any key of yours is totally irrelevant. Dupe https://crypto.stackexchange.com/questions/61844/ https://crypto.stackexchange.com/questions/29751/ https://crypto.stackexchange.com/questions/60233/ https://crypto.stackexchange.com/questions/5455/ https://crypto.stackexchange.com/questions/47478/ and cross https://security.stackexchange.com/questions/187577/ and more linked there. – dave_thompson_085 Oct 05 '21 at 23:25
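
The first comment's point, shown as an added example that is not part of the original question or comments: when record protection is symmetric, whoever holds the session keys can produce a record that verifies exactly like the server's. The encrypt-then-MAC construction below is a simplified stand-in built from Python's standard library, not the real TLS record layer; the key labels, the handshake secret and the messages are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode (a stand-in, not a TLS cipher)."""
    blocks = b""
    counter = 0
    while len(blocks) < length:
        blocks += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return blocks[:length]

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(enc_key, mac_key, nonce, plaintext):
    """Encrypt-then-MAC under symmetric keys that BOTH endpoints hold."""
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_record(enc_key, mac_key, nonce, record):
    """Verify the tag, then decrypt; raises ValueError on a bad tag."""
    ct, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record tag does not verify")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))

def session_keys(shared_secret: bytes):
    """Client and server derive the same keys from the handshake secret."""
    enc_key = hmac.new(shared_secret, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key

def demo():
    enc_key, mac_key = session_keys(b"constructed handshake secret")  # constructed value
    nonce = (1).to_bytes(8, "big")
    from_server = seal(enc_key, mac_key, nonce, b"The page claims X")
    # The client holds the same keys, so it can seal different content itself.
    from_client = seal(enc_key, mac_key, nonce, b"The page claims Y")
    # A third party handed the keys accepts both records equally.
    return [open_record(enc_key, mac_key, nonce, r) for r in (from_server, from_client)]

if __name__ == "__main__":
    print(demo())
```

The tag still rejects a record altered by someone without the keys, so it protects the two endpoints from outsiders; it gives a third party no way to tell which endpoint wrote a record.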

0 Answers