KEYS- SMIME/PGP and digital signatures

9MMMAC9MMMAC Member Posts: 10 ■□□□□□□□□□
Hello everybody! Please consider this statement: When using SMIME, the symmetric key is encrypted with the recipient's public key, but when using a digital signature, it's encrypted with the sender's private key. True? I think it is because a digital signature relies on the fact that a message encrypted with the sender's private key has to match what's recovered with the sender's public key, and SMIME (and PGP???) use the recipient's public key to send emails, which can be opened only with the recipient's private key.

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Yes, if you want to encrypt something, you use the recipient's public key. Anyone who has access to his public key will be able to send an encrypted message to him, but he is the only one who will be able to decrypt it.

    If you want to sign something, you use your own private key. That way, anyone who has access to your public key will be able to verify that the message is authentic. This provides integrity, not confidentiality.

    Welcome to the forums :D
  • msbachmanmsbachman Member Posts: 43 ■■□□□□□□□□
    @ Dynamik, pretty sure that you mean "public key" in the first sentence above.
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Indeed. Nice catch :D
  • 9MMMAC9MMMAC Member Posts: 10 ■□□□□□□□□□
    OK! That's one down! Always good to have a guru approve things. Thank you.
Sign In or Register to comment.