Subj : Re: PGP question
To   : Adept
From : alterego
Date : Mon Jun 08 2020 08:49 pm

  Re: Re: PGP question
  By: Adept to alterego on Mon Jun 08 2020 07:23 am

 Ad> Just so I'm understanding the question correctly, we're talking about some
 Ad> sort of signature where you can decode it by using that user's public key,
 Ad> correct?
 Ad> Thus you somehow have to have B's signature, which was encrypted with B's
 Ad> private key, become unencrypted by something other than B's public key?

No, no decoding, nor encryption involved. With PGP, you can "digitally sign" a piece of text, that somebody can verify with a public key.

 Ad> That seems to be against the very idea of how a signature is supposed to
 Ad> work. But maybe I'm missing something in the question.

Perhaps... Since I'm not talking about "encryption", but rather "digital signature", I'm wondering is it possible to validate that the message came from "B", because "A" signed "B"'s key and "C" has "A"s key...

SSL works the same way. A certificate on my website is validated by the fact that your browser trusts the root certificate that is an ancestor of my certificate. (The difference is, you also get my public certificate, so I may have answered my own question...)

IE: I'm wanting to verify that "B" send a message, when "C" receives it, and "C" doesnt have "B"s public key - but has "A"s and "A" also signed "B"s key.

....лоеп

.... Youth doesn't excuse everything. Dr. Janice Lester stardate 5928.5.
--- SBBSecho 3.11-Linux
 * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

.