On Tue, Apr 01, 2003 at 02:57:20PM +1200, Yuri de Groot wrote:
> Only the sender can produce the sig, using his/her private key.
> Recipients can then use their own copy of the sender's public key to verify.

Best way to think of it is like this:

    Signature <-----> Plain Text <----> Encrypted Text
    <-<-<- Going this way needs private key part -<-<-<
    >->->- Going this way needs public key part ->->->

"Signing" is like 'decrypting' the text, to garbage. This can be verified by
a public party 'encrypting' the garbage to get the plain text. If the plain
text matches the 'encrypted' garbage, the signature is said to be verified.
(This is a *VERY* *VERY* loose layman's description of what happens..)

The key owner has the private part, which is itself encrypted using a simple
'passphrase' mechanism.

Joe Public has the public part, which can be distributed by the owner by
'uploading' the key to a public key server.

This is covered pretty extensively in any public-key cryptography paper.

Mike.
--
Mike Beattie <[EMAIL PROTECTED]> ZL4TXK, IRLP Node 6184
"Why Not? I'm drunk right now." -- Anthony Towns when asked about
naming the next Debian release after the winner of an auction.
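
The relationship sketched in the message above, as an added example that is not part of the original post: textbook RSA in Python on a constructed toy key, where the private operation produces the signature and the public operation checks it. The key, the sample messages and all function names are assumptions of this example; it signs a SHA-256 digest of the text rather than the text itself and uses no padding.

```python
import hashlib

# Constructed toy key: two Mersenne primes, trivially factorable, so this
# modulus is for illustration only. Textbook RSA, no padding.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)


def public_op(x: int) -> int:
    """Left-to-right in the diagram: needs only the public part (N, E)."""
    return pow(x, E, N)


def private_op(x: int) -> int:
    """Right-to-left in the diagram: needs the private part D."""
    return pow(x, D, N)


def digest_int(message: bytes) -> int:
    """SHA-256 of the message as an integer (256 bits, always < N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Plain Text -> Signature: private operation on the digest."""
    return private_op(digest_int(message))


def verify(message: bytes, signature: int) -> bool:
    """Signature -> Plain Text: public operation, then compare digests."""
    return public_op(signature) == digest_int(message)


def encrypt(message: bytes) -> int:
    """Plain Text -> Encrypted Text: anyone with the public part can do it."""
    return public_op(int.from_bytes(message, "big"))


def decrypt(ciphertext: int, length: int) -> bytes:
    """Encrypted Text -> Plain Text: only the key owner can do it."""
    return private_op(ciphertext).to_bytes(length, "big")


if __name__ == "__main__":
    msg = b"release the package"           # constructed sample message
    sig = sign(msg)
    print(verify(msg, sig), verify(b"release another package", sig))
    print(decrypt(encrypt(msg), len(msg)))
```
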