On Fri, 23 Nov 2001, Migs Paraz wrote:
> Yup, the sender should use the mailing list's public key to encrypt > it, and it should be signed by the sender. Signing a document is totally different process with a different purpose from encryption. You normally sign a plain text document to prove to the recipient that the document came from you. The signing process involves the following steps. (1) From the plain text document, a message digest is computed. (2) The message digest is encrypted using the senders private key. (3) Both plain text message and encrypted message digest are sent to recipient. (4) Upon receipt of the message, recipient then decrypts the message digest using the senders public key to get the message digest. (5) Recipient then makes his own computation of a message digest from the plain text message. (6) If the decrypted message digest and his computed message digest are equal, then the message really came from the sender. > Yup, the sender should use the mailing list's public key to encrypt > it, and it should be signed by the sender. If you require both encrypting with the server's public key and signing with the sender's private key, then the server has to do something special to undo these steps. Most packages (openssl and PGP) don't do these as default. PMana _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
