Hi Sarah,
On Saturday, September 20, 2003 4:06 PM Sarah Haff wrote:
Attached is a highlevel diagram that depicts how openssl will be utilized in the application for encrypting data from the sender to the receiver.
You mention, that the data is "encrypted using the sender's private key ... to ensure that data is sent by the intended sender". Even though you sometimes find this _expression_ in literature, I consider it clearer when you say "data is signed by the sender's private key".C.f. the following table:
| Sender | Receiver | |
|---|---|---|
| Encrypt | Encrypts with the receiver's public key. | Decrypts with his own private key. |
| Sign | Signs with his own private key. | Verifies the signature with the sender's public key. |
If you describe it from a high-level perspective, you should omit the MD5 checksum. If you want to be precise, the first arrows are an unencrypted data flow. Since asymmetric encryption takes many cpu-cycles, you sign the MD5 or SHA checksum instead of the whole data. The same is true when you encrypt data with the receiver's public key: The data flow is encrypted with a symmetric encryption algorithm and only the key for this encryption is encrypted with the receivers public key.
In an advanced szenario you might depict that the public keys involved are in turn signed by a CA to prevent a "man in the middle attack".
Regards, Christian
