> bob got one private key and a public key, both keys can encrypt any
> data but only the private key (that is kept secret) can decrypt the
> data, right?

No. What can be encrypted with one key can only be decrypted with the other. This is a one-to-one concept; the public and private key come in pairs, and only work in "matching sets."

If I have your public key, I can encrypt something so that only you (or the holder of your private key) can read it.

If you encrypt something with your private key, anyone who has the public key can decrypt it.

If you hash a message (stream of bytes), and encrypt the hash, then you can call that a "signature." Anyone who has the message, your public key, and the signature can verify that the message they have is an exact copy of the message you "signed."

        /r$

--
SOA Appliances
Application Integration Middleware

[EMAIL PROTECTED] wrote on 06/23/2006 07:16:58 AM:

> now for Bob to create a digital signature, needs to compute a digest
> message using a hashing function, then encrypt the digest message, and
> that gives me the digital signature.
>
> now Pat receives a document from Bob with his digital signature, Pat
> computes the message digest of the document and DECRYPT the signature
> with Bob's public key!!!
> I've understood that only Bob's private key can decrypt any data,
> so what's wrong?
>
> please enlighten me
> Thank you
> hicham
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
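
The two flows described in the reply above (hash, then apply the private key to sign; apply the public key to verify; encrypt with the public key so only the private key can read), as an added example that is not part of the original thread and is not OpenSSL code. It is textbook RSA without padding, the key is a constructed demo key built from two Mersenne primes, and all function names are assumptions made for the illustration.

```python
import hashlib

# Constructed demo key from two Mersenne primes so the block runs offline.
# Real keys use random primes, and real RSA adds padding (PKCS#1 v1.5, PSS, OAEP).
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)    # a "matching set"


def rsa_op(key, value: int) -> int:
    """The one RSA primitive: value ** exponent mod n, for either key."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value out of range for this modulus")
    return pow(value, exponent, n)


def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message: bytes) -> int:
    # Bob: hash the document, then apply his private key to the hash.
    return rsa_op(private_key, digest(message))


def verify(public_key, message: bytes, signature: int) -> bool:
    # Pat: apply Bob's public key to the signature to recover the hash Bob
    # computed, then compare it with the hash of the document she received.
    n, _ = public_key
    if not 0 <= signature < n:
        return False
    return rsa_op(public_key, signature) == digest(message)


def encrypt(public_key, plaintext: bytes) -> int:
    # Anyone with Bob's public key can produce this ciphertext.
    return rsa_op(public_key, int.from_bytes(plaintext, "big"))


def decrypt(private_key, ciphertext: int) -> bytes:
    # Only the matching private key turns the ciphertext back into plaintext.
    m = rsa_op(private_key, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")
```

Nothing secret is recovered during verification: the signature and the public key are both public, and the only output is the hash value that Pat can also compute herself.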