Not correct. You sign the message with YOUR private key. The signature is verified by the recipient using your certificate which is issued by a CA.
If you are also enveloping, then the data is encrypted under a "one-shot" symmetric key, and this symmetric key is then encrypted using the public key of the intended recipient (obtained from his cert). Only the intended recipient can decrypt that one-shot key, which enables them to decrypt the message, because only he has the matching private key that will allow this.

Dave
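
The sign-then-envelope flow described in the reply above, as an added example that is not part of the original post. It uses the `openssl smime` command line and assumes a default `openssl.cnf` is installed; the CA, the identities (alice as sender, bob as recipient, mallory as an outsider) and the message are all constructed for the demonstration.

```shell
MSG='wire 100 to account 42'   # constructed sample message

# issue NAME: key pair plus a certificate for NAME signed by the demo CA
issue() {
    openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/CN=$1" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -out "$1.crt" -days 1 2>/dev/null
}

# Prints the plaintext bob recovers; non-zero status if any step misbehaves.
sign_then_envelope_demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    trap 'rm -rf "$dir"' EXIT
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
        -subj "/CN=Example CA" -days 1 2>/dev/null || exit 1
    issue alice && issue bob && issue mallory || exit 1
    printf '%s\n' "$MSG" > msg.txt

    # Sender: the signature is made with alice's PRIVATE key.
    openssl smime -sign -nodetach -in msg.txt -signer alice.crt \
        -inkey alice.key -out signed.msg 2>/dev/null || exit 1
    # Sender: a one-shot AES key encrypts the data, and that key is
    # wrapped under the PUBLIC key taken from bob's certificate.
    openssl smime -encrypt -aes256 -in signed.msg -out enveloped.msg \
        bob.crt 2>/dev/null || exit 1

    # Without bob's private key the one-shot key cannot be unwrapped.
    if openssl smime -decrypt -in enveloped.msg -recip mallory.crt \
        -inkey mallory.key -out /dev/null 2>/dev/null; then exit 2; fi

    # Recipient: unwrap with bob's private key, then verify alice's
    # signature with her certificate, chained to the issuing CA.
    openssl smime -decrypt -in enveloped.msg -recip bob.crt -inkey bob.key \
        -out inner.msg 2>/dev/null || exit 1
    openssl smime -verify -in inner.msg -CAfile ca.crt -out clear.txt \
        2>/dev/null || exit 1
    tr -d '\r' < clear.txt     # S/MIME canonicalises text to CRLF
)
```

Calling `sign_then_envelope_demo` prints the recovered plaintext; exit status 2 would mean the outsider's key was able to decrypt the envelope.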