KEYS- SMIME/PGP and digital signatures

9MMMAC9MMMAC Posts: 10Member ■□□□□□□□□□
Hello everybody! Please consider this statement: When using SMIME, the symmetric key is encrypted with the recipient's public key, but when using a digital signature, it's encrypted with the sender's private key. True? I think it is because a digital signature relies on the fact that a message encrypted with the sender's private key has to match what's recovered with the sender's public key, and SMIME (and PGP???) use the recipient's public key to send emails, which can be opened only with the recipient's private key.

Comments

  • dynamikdynamik Posts: 12,314Banned
    Yes, if you want to encrypt something, you use the recipient's public key. Anyone who has access to his public key will be able to send an encrypted message to him, but he is the only one who will be able to decrypt it.

    If you want to sign something, you use your own private key. That way, anyone who has access to your public key will be able to verify that the message is authentic. This provides integrity, not confidentiality.

    Welcome to the forums :D
  • msbachmanmsbachman Posts: 43Member ■■□□□□□□□□
    @ Dynamik, pretty sure that you mean "public key" in the first sentence above.
  • dynamikdynamik Posts: 12,314Banned
    Indeed. Nice catch :D
  • 9MMMAC9MMMAC Posts: 10Member ■□□□□□□□□□
    OK! That's one down! Always good to have a guru approve things. Thank you.
Sign In or Register to comment.