Thanks,

Something I would appreciate if you could clarify:

David C. Partridge wrote:

Not correct.

You sign the message with YOUR private key. The signature is verified by
the recipient using your certificate which is issued by a CA.


agreed,

If you are also enveloping, then the data is encrypted under a "one-shot"
symmetric key,


Exactly how is that "symmetric key" generated??
I admit it has to be a function of "hiskey", that was obvious from the basics of PKI, but how does that "one shot symmetric key", which has to be a function of my private and his public key, get generated?
Which "myprivatekey" does openssl use in this case? The one that was used to sign the data?

and this symmetric key is then encrypted using the public key
of the intended recipient (obtained from hiscert).


which means it has to be a function of myprivatekey && hiscert? so that he can use mycert && hiskey to decrypt?
it has to be something which conforms to (G^(xy) mod p = (G^x mod p)^y mod p = (G^y mod p)^x mod p, or something equivalent for RSA??...)


so what is that one shot key?

Only the intended
recipient can decrypt that one shot key which enables them to decrypt the
message because only he has the matching private key that will allow this.

Dave


______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
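
The enveloping step described in the quoted message, as an added example that is not part of the original thread and is not the OpenSSL project's own code. It uses the `openssl smime` command with an RSA recipient; the identity names (`recipient`, `sender`), file names and message text are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example. File names, CNs and the message are constructed for the demo.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
MSG='constructed test message'

# Create a 2048-bit RSA key and self-signed certificate: $1.key / $1.crt.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Envelope stdin for recipient $1. The only key material passed in is the
# recipient's certificate: openssl generates a fresh random AES-256 key,
# encrypts the data with it, and RSA-encrypts that key under the public
# key in the certificate. -binary stops line-ending canonicalisation.
envelope() {
    openssl smime -encrypt -binary -aes256 -outform PEM "$WORK/$1.crt"
}

# Try to open an envelope on stdin with the private key of identity $1.
open_envelope() {
    openssl smime -decrypt -inform PEM \
        -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null
}

demo() {
    make_identity recipient
    make_identity sender      # exists only to show it plays no part here
    printf '%s' "$MSG" | envelope recipient > "$WORK/env1.pem"
    printf '%s' "$MSG" | envelope recipient > "$WORK/env2.pem"
    # Same input, same certificate, different output: the content key,
    # the IV and the RSA padding are fresh for every envelope.
    cmp -s "$WORK/env1.pem" "$WORK/env2.pem" || echo "envelopes differ"
    echo "recipient key: $(open_envelope recipient < "$WORK/env1.pem")"
    open_envelope sender < "$WORK/env1.pem" >/dev/null \
        || echo "sender key: cannot decrypt"
}
demo
```

Signing is a separate operation (`openssl smime -sign` with the sender's key); nothing in `envelope` reads a sender key.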





