That is, the package has two parts - the encrypted message and a message
digest (the signature block).



"Maarten Hartsuijker" <maarten@hartsuijker.com>
16/02/2002 08:55 AM

To:      <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
cc:
Subject: Re: SSL Question



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> If the private key is hashed while signing it by MD5 or SHA1 (both
> of which are irreversible) then how does the public key decrypt
> it??
> >

The decryption has nothing to do with MD5 or SHA1. The signature is
just for authenticity of the data. Encryption and decryption is done
by using the public 1024/2048 RSA key of the receiver.
If you got a bunch of sensitive data to send over the internet, you
encrypt it using the public key of the person that is receiving the
message. Only he can then decrypt your data using his private key
(that goes with the public key you used to encrypt the data). After
encryption, the data can be securely transported over insecure
networks.

But how does the receiver know that the package is coming from you
and has not been hijacked and replaced along the way? Well, because
you sign the package using your private key, the authenticity can be
verified using your public key that is for instance stored on a key
server.

hth,
maarten

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBPG2D7Zj3zCKq1vRDEQLJDACg33UKH7Fj1wBH28nvl6tnw9WTcu4AoJk7
GzfzUr/Ho78T1y7ykqgyBjsM
=uexm
-----END PGP SIGNATURE-----
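
The two-part package discussed in this thread (encrypted message plus signature block), as an added example that is not part of the original messages. It assumes textbook RSA without padding and constructed toy keys, and all function names are made up for illustration.

```python
import hashlib

def make_key(p, q, e=65537):
    """Return (public, private) textbook-RSA keys as (n, exponent) pairs."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)

# Constructed toy keys built from well-known Mersenne primes: trivially
# factorable, illustration only.
SENDER_PUB, SENDER_PRIV = make_key(2**127 - 1, 2**89 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_key(2**521 - 1, 2**607 - 1)

def digest_int(message: bytes) -> int:
    # SHA-1 as in the thread ("Hash: SHA1"). The hash is taken over the
    # message, never over a key, and it is never reversed.
    return int.from_bytes(hashlib.sha1(message).digest(), "big")

def encrypt(message: bytes, receiver_pub) -> int:
    n, e = receiver_pub
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def send(message: bytes, sender_priv, receiver_pub):
    n, d = sender_priv
    signature = pow(digest_int(message), d, n)   # sender's private key
    return encrypt(message, receiver_pub), signature

def receive(ciphertext: int, signature: int, receiver_priv, sender_pub):
    n, d = receiver_priv
    m = pow(ciphertext, d, n)                    # receiver's private key
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    n_s, e_s = sender_pub
    # Verification recomputes the digest and compares it with the value
    # recovered from the signature using the sender's public key.
    return message, pow(signature, e_s, n_s) == digest_int(message)

def demo():
    ct, sig = send(b"wire 100 EUR to Bob", SENDER_PRIV, RECEIVER_PUB)
    genuine = receive(ct, sig, RECEIVER_PRIV, SENDER_PUB)
    # Anyone can encrypt to the receiver, but the old signature no longer matches.
    swapped = encrypt(b"wire 900 EUR to Eve", RECEIVER_PUB)
    return genuine, receive(swapped, sig, RECEIVER_PRIV, SENDER_PUB)

if __name__ == "__main__":
    print(demo())
```

Real implementations add padding to both operations and use a hash stronger than SHA-1.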





