On Fri, 2016-02-05 at 13:15 +0100, Stig Roar Wangberg wrote:
> Ah, I think I'm beginning to understand. So this is another form of encryption, still using the receiver's public key, and s/he still has to use his or her private key to decrypt the message?

It's not *another* form of encryption. It's how PGP encryption works. The receiver's public key is used to encrypt a random symmetric session key which in turn is used to encrypt the message body. The receiver uses his/her private key to decrypt the symmetric session key and thence the message. Consult any of the docs on PGP for more detail, or read Zimmermann's book.

Public key systems nearly always work this way because it would be too expensive to use the asymmetric algorithms on the message body itself.

As for *signing* the message, that uses your private key to encrypt a hash of the message. It can then be checked by anyone with access to your public key.

poc