Quote:
Originally Posted by pilotbob
No... I am guessing (assuming facts not in evidence just my history in designing databases and such) that your provided ID not the actually encryption key. ...
|
It's not. You can see the key in the registry [for windows] or the activation.dat [for mac]. If the key were based on the ID, tehn regenerating the keys for arbitrary ID's would be trivial.
Quote:
Originally Posted by jusmee
This is quite interesting. How, then, does a 3rd party website/bookstore, deliver me an ebook with DRM in it based on the Adobe ID? They might know my ID, but since they don't have the password not the "electronic serial number", how do they obtain the necessary info to lock the ebook to my ID?
|
OK, to answer this, let's get into a little crypto, but in English:
There is a key pair that's generated, one is a public key, and the matching one is the private key. What one key does, the other undoes. If I want to send you something that only you can encrypt, I will encrypt it with your *public* key. You (and only you) can decrypt it with your private key. The reverse is true as well.
Now, Adobe uses what's called a "key escrow system". That means that they hold a copy of both the public and private keys. When you log in to ADE fro the first time with your ID, it downloads the private key from Adobe to your computer (maybe the public too, I'm not sure about that). We can prove that this is true by going to another computer and setting up ADE there as well. The key is the same.
When you buy a book, the seller gets a copy of your public key and encrypts the book before sending to you. Since they encrypted it with your public key, you (and only you) can decrypt it with your private key.
I hope this helps.
- Ed