Subj : Re: PGP question
To   : alterego
From : Adept
Date : Mon Jun 08 2020 08:22 pm

 al> No, no decoding, nor encryption involved. With PGP, you can "digitally
 al> sign" a piece of text, that somebody can verify with a public key.

Perhaps I'm still not following, but my understanding of a PGP signature is
that I encrypt something (generally a hash) using my private key, and then
you decrypt it using the public key and see if it matches that something.

It's the reverse of encrypting a message, where I'd use your public key, and
you'd decode with your private key.

Is that _not_ what a PGP signature is? How do you create something that's
trustworthy as someone's signature without using encryption?

 al> of my certificate. (The difference is, you also get my public
 al> certificate, so I may have answered my own question...)

That would make sense, then.

With your example, it seems like you can see that A signed something, and if
you trust A's signature, then that's good enough even without B's actual
signature.

--- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
 * Origin: Storm BBS (21:2/108)

.