One more point to note, specifically in regard to the privacy method of
encrypting messages. 

We often give the shorthand explanation when we say that we encrypt the
message with the recipient's public key. Certainly you can do this.
However, given that the computational load of asymmetric key encryption
(public/private) is significantly greater than symmetric key encryption,
the actual method used typically involves:

1. Generate a random symmetric key 
2. Encrypt the message with the specific symmetric algorithm (AES, DES,
etc)
3. Encrypt the randomly generated key with the recipient's public key
4. Send the encrypted key with the encrypted message

Now, as already explained by another responder, only the recipient's
private key will be able to decrypt and allow use of the random
symmetric key to decrypt the message. In this case the randomly
generated symmetric key was "enveloped" with the recipient's public key.


Surely, you can have some messages which are smaller than a key. Overall
though, with varying message sizes, the speed and efficiency of
symmetric encryption makes this combined symmetric and asymmetric
encryption pretty much the standard way of handling message privacy (if
you take a closer look at what is going on). See PGP and S/MIME.

For more on all this business, I recommend "PKI: Implementing and
Managing E-Security" (RSA Press, author: Andrew Nash).

regards,
tt 
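
The four-step envelope procedure from the reply above, sketched with the openssl command-line tool as an added example (not part of the original thread). The function names `seal`/`open_env`, the file names, and the choice of AES-256-CBC with RSA-OAEP are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Function and file names are assumptions.
# Caveats: `openssl enc` has no AEAD mode, so CBC here gives confidentiality
# only (no tamper detection), and -K exposes the key in the process list.
set -eu

hex() { od -An -v -tx1 | tr -d ' \n'; }          # stdin bytes -> hex string

# seal <recipient_pub.pem> <plaintext_file> <out_dir>    (sender, steps 1-4)
seal() {
  pub=$1 msg=$2 out=$3
  openssl rand -out "$out/k.bin" 32               # 1. random 256-bit key
  openssl rand -out "$out/iv.bin" 16              #    fresh IV, not secret
  # 2. bulk-encrypt the message with the symmetric key
  openssl enc -aes-256-cbc -K "$(hex < "$out/k.bin")" \
    -iv "$(hex < "$out/iv.bin")" -in "$msg" -out "$out/msg.enc"
  # 3. envelope the symmetric key under the recipient's public key
  openssl pkeyutl -encrypt -pubin -inkey "$pub" \
    -pkeyopt rsa_padding_mode:oaep -in "$out/k.bin" -out "$out/key.enc"
  rm -f "$out/k.bin"                              # 4. send key.enc, iv.bin, msg.enc
}

# open_env <recipient_priv.pem> <dir>    (recipient; plaintext goes to stdout)
open_env() {
  priv=$1 dir=$2
  # Only the matching private key recovers the 32-byte symmetric key.
  k=$(openssl pkeyutl -decrypt -inkey "$priv" -pkeyopt rsa_padding_mode:oaep \
        -in "$dir/key.enc" 2>/dev/null | hex)
  [ "${#k}" -eq 64 ] || return 1                  # wrong key or damaged envelope
  openssl enc -d -aes-256-cbc -K "$k" -iv "$(hex < "$dir/iv.bin")" \
    -in "$dir/msg.enc"
}

# Round trip on a constructed message with a throwaway recipient key pair.
demo() {
  d=$(mktemp -d)
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$d/priv.pem" 2>/dev/null
  openssl pkey -in "$d/priv.pem" -pubout -out "$d/pub.pem"
  printf 'constructed sample message\n' > "$d/msg.txt"
  seal "$d/pub.pem" "$d/msg.txt" "$d"
  open_env "$d/priv.pem" "$d"
  rm -rf "$d"
}

demo
```

However large the message is, the RSA operation only ever touches the 32-byte key, so `key.enc` stays at 256 bytes for a 2048-bit recipient key.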

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of hicham
Sent: Friday, June 23, 2006 7:17 AM
To: openssl-users@openssl.org
Subject: confusion about digital signatures

Hello,
I'm having some confusion about digital signatures. This web site,
"http://www.youdzone.com/signature.html", gives a nice example of what
a digital signature is.
Here is what I understood:
Bob has one private key and one public key. Both keys can encrypt any data,
but only the private key (which is kept secret) can decrypt the data,
right?
Now, for Bob to create a digital signature, he needs to compute a message
digest using a hashing function, then encrypt the message digest, and
that gives me the digital signature.

Now Pat receives a document from Bob with his digital signature. Pat
computes the message digest of the document and DECRYPTS the signature
with Bob's public key!!!
I've understood that only Bob's private key can decrypt any data, so
what's wrong?

Please enlighten me.
Thank you,
hicham
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
