That is, the package has two parts - the encrypted message and a message digest (the signature block).
"Maarten Hartsuijker" <maarten@hartsuijker.com>
16/02/2002 08:55 AM

To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
cc:
Subject: Re: SSL Question

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> If the private key is hashed while signing it by MD5 or SHA1 (both
> of which are irreversible) then how does the public key decrypt
> it??
>

The decryption has nothing to do with MD5 or SHA1. The signature is just for authenticity of the data. Encryption and decryption is done by using the public 1024/2048 RSA key of the receiver.

If you've got a bunch of sensitive data to send over the internet, you encrypt it using the public key of the person that is receiving the message. Only he can then decrypt your data using his private key (that goes with the public key you used to encrypt the data). After encryption, the data can be securely transported over insecure networks.

But how does the receiver know that the package is coming from you and has not been hijacked and replaced along the way? Well, because you sign the package using your private key, the authenticity can be verified using your public key that is for instance stored on a key server.

hth,

maarten

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBPG2D7Zj3zCKq1vRDEQLJDACg33UKH7Fj1wBH28nvl6tnw9WTcu4AoJk7
GzfzUr/Ho78T1y7ykqgyBjsM
=uexm
-----END PGP SIGNATURE-----
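
Added example, not part of the original messages: a toy textbook-RSA sketch of the two-part package discussed in this thread, showing that the receiver never reverses the hash but recomputes it from the decrypted message and compares. The function names, the small Mersenne-prime keys and the sample messages are constructed for illustration; there is no padding and the message is encrypted directly, so this is not usable as real cryptography.

```python
import hashlib

E = 65537  # public exponent shared by both demo keys


def make_key(p: int, q: int):
    """Build a toy RSA key from two primes; returns (modulus n, private exponent d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, pow(E, -1, phi)  # modular inverse, Python 3.8+


# Constructed demo keys built from Mersenne primes (far too small and structured for real use).
SENDER_N, SENDER_D = make_key(2**107 - 1, 2**127 - 1)
RECEIVER_N, RECEIVER_D = make_key(2**61 - 1, 2**89 - 1)


def digest(message: bytes) -> int:
    """SHA-1 digest as an integer (the thread's 'Hash: SHA1'); it is one-way."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def seal(message: bytes):
    """Sender side: encrypt to the receiver's public key, sign the digest with own private key."""
    m = int.from_bytes(message, "big")
    if m >= RECEIVER_N:
        raise ValueError("message too long for this toy key")
    ciphertext = pow(m, E, RECEIVER_N)                    # part 1: encrypted message
    signature = pow(digest(message), SENDER_D, SENDER_N)  # part 2: signature block
    return ciphertext, signature


def open_package(ciphertext: int, signature: int):
    """Receiver side: decrypt with own private key, then verify with the sender's public key."""
    m = pow(ciphertext, RECEIVER_D, RECEIVER_N)
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    # The public-key operation yields the digest the sender signed, not the message.
    signed_digest = pow(signature, E, SENDER_N)
    # Nothing is "un-hashed": the digest is recomputed from the plaintext and compared.
    return message, signed_digest == digest(message)


if __name__ == "__main__":
    c, s = seal(b"wire $500 to Bob")
    print(open_package(c, s))
    # A package replaced in transit: anyone can encrypt to the receiver's public
    # key, but the old signature no longer matches the new plaintext's digest.
    swapped = pow(int.from_bytes(b"wire $900 to Eve", "big"), E, RECEIVER_N)
    print(open_package(swapped, s))
```
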