Subj : Re: PGP question To : apam From : alterego Date : Tue Jun 09 2020 05:12 pm Re: Re: PGP question By: apam to alterego on Tue Jun 09 2020 09:17 am ap> I'm pretty sure Adept is right here, a signature (the little bit down ap> the bottom) is an encrypted hash of the message, which has been ap> encrypted using the private key so it can be decrypted with the public ap> key and that's how verification of the (unencrypted) message works. Actually, I wasnt 100% sure that it was - hence why I started down this path. My doubts where two fold: * Encrypting something is done from public key -> private key (ie: encrypt with the public key, de-crypt with the private key), and private key (it can encrypt and decrypt). I didnt think you could encrypt with your private key, and the public key can decrypt it. * So I was thinking the "little bit at the bottom", is not something encrypted, but rather something that is base64 encoded of the result of a computation. It is the hash of the message, using the public key portion of your key (your public key provides the nonce), that somebody else with your public key can come to the same calculation. And thus if they do, it was from you. So I was wondering if the "little bit at the bottom" also had other key computation results (because your key is signed by somebody else), and thus with that other public key, while I cant directly validate the message can from you, I can indirectly, because I also have that "other public key" and can validate that hash. (Did I loose you...?) But Oli said, you cant do that validation without the original public key at all, so perhaps I've got my answer. It was good to talk through it though. ....лоеп .... Committee work is like a soft chair...easy to get into but hard to get out --- SBBSecho 3.11-Linux * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116) .