Subj : Re: PGP question
To   : alterego
From : apam
Date : Tue Jun 09 2020 09:17 am

 al>   Re: Re: PGP question
 al>   By: Adept to alterego on Mon Jun 08 2020 08:22 pm

 Ad> Perhaps I'm still not following, but my understanding of a PGP
 Ad> signature is that I encrypt something (generally a hash) using
 Ad> my private key, and then you decrypt it using the public key
 Ad> and see if it matches that something. 

 al> With PGP, you can choose to encrypt something - so that only the
 al> receipent can see it, or you can choose to sign something - which
 al> proves you are the only person that sent it.

 al> When you "sign" it does not have to be encrypted. IE: I can clear
 al> sign a piece of text, that anybody can read, but the signature
 al> below it will only be validated with my public key, prooving it
 al> came from me.

I'm pretty sure Adept is right here, a signature (the little bit down
the bottom) is an encrypted hash of the message, which has been
encrypted using the private key so it can be decrypted with the public
key and that's how verification of the (unencrypted) message works.

Andrew


--- MagickaBBS v0.15alpha (Linux/x86_64)
 * Origin: HappyLand - telnet://magickabbs.com:2023/ (21:1/126)

.