Subj : Re: PGP question
To   : alterego
From : Adept
Date : Tue Jun 09 2020 02:51 am

 al> When you "sign" it does not have to be encrypted. IE: I can clear sign a
 al> piece of text, that anybody can read, but the signature below it will
 al> only be validated with my public key, prooving it came from me.

I get that.

The thing is, you sign using PGP by applying your private key to it. Since
it's a symmetric key, whether you use the public or private key doesn't
matter, because one encodes, and the other decodes. It doesn't matter which.

Mind you, it'd be pretty easy to break if you only encrypted using your
private key, because anyone can unencrypt it.

But that's exactly what happens with a signature. It's literally applying the
private key to something, which the public key decodes.

It's a signature because it requires using the private key that
(theoretically) no one else has access to, and thus you know that it's a
signature because your public key, and only your public key, validates it.

I found a couple of pages on it, and maybe those explanations would make more
sense for you.

https://www.docusign.com/how-it-works/electronic-signature/digital-signature/
digital-signature-faq

and

https://www.quora.com/What-is-a-PGP-signature

--- Mystic BBS v1.12 A45 2020/02/18 (Linux/64)
 * Origin: Storm BBS (21:2/108)

.