On Tue, Apr 01, 2003 at 02:57:20PM +1200, Yuri de Groot wrote:
> Only the sender can produce the sig, using his/her private key.
> Recipients can then use their own copy of the sender's public key to verify.

Best way to think of it, is like this:

  Signature <-----> Plain Text <----> Encrypted Text

  <-<-<- Going this way needs private key part -<-<-<

  >->->- Going This way needs public key part ->->->

"signing" is like 'decrypting' the text, to garbage. this can be verified by
a public party 'encrypting' the garbage to get the plain text. if the plain
text matches the 'encrypted' garbage, the signature is said to be verified.

(This is a *VERY* *VERY* loose layman's description of what happens..)

key owner has private part, which is itself encrypted using a simple
'passphrase' mechanism. Joe Public has the public part, which can be
distributed by the owner by 'uploading' the key to a public key server.

This is covered pretty extensively in any public-key cryptography paper.

Mike.
-- 
Mike Beattie <[EMAIL PROTECTED]> ZL4TXK, IRLP Node 6184

"Why Not? I'm drunk right now."
 -- Anthony Towns when asked about naming the next Debian release
    after the winner of an auction.
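
Added example, not part of the original message: the diagram above worked through with textbook RSA, where the private part turns a SHA-256 digest of the text into a signature and the public part turns it back for comparison. The key names, the Mersenne primes and the sample message are constructed for illustration; the scheme is unpadded and the keys are far too small for real use.

```python
import hashlib

E = 65537  # widely used RSA public exponent


def make_key(p, q):
    """Build a toy RSA key pair (public, private) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)


def digest(message, n):
    """SHA-256 of the message as an integer reduced below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private):
    n, d = private
    return pow(digest(message, n), d, n)  # private part: text -> signature


def verify(message, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(message, n)  # public part undoes it


def encrypt(m, public):
    n, e = public
    return pow(m, e, n)  # public part: plain text -> encrypted text


def decrypt(c, private):
    n, d = private
    return pow(c, d, n)  # private part: encrypted text -> plain text


# Constructed keys built from known Mersenne primes; far too small for real use.
OWNER_PUB, OWNER_PRIV = make_key(2**61 - 1, 2**89 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    msg = b"constructed sample message"
    sig = sign(msg, OWNER_PRIV)
    print("genuine:", verify(msg, sig, OWNER_PUB))
    print("tampered text:", verify(msg + b"!", sig, OWNER_PUB))
    print("signed with another key:", verify(msg, sign(msg, OTHER_PRIV), OWNER_PUB))
    print("round trip:", decrypt(encrypt(42, OWNER_PUB), OWNER_PRIV))
```

A signature made with any other private key, or checked against altered text, fails verification against the owner's public key.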