Perversity of Section 13
Andrew Meredith
meredith at iee.org
Tue, 03 Aug 1999 01:57:16 +0100
Ben Laurie wrote:
>
> Andrew Meredith wrote:
> >
> > I think I am right in saying that checking a signature involves
> > decrypting some form of hash value with the public key. If the
> > decryption works it is the right key, if the hash matches the hash you
> > calculate yourself the signed object has not been altered.
>
> That's just one way of doing it, chosen because it keeps the
> signature relatively small. You could just encrypt the plaintext
> with your private key, the proof then being that the decryption
> with the corresponding public key works, but that would be slow
> and large.
>
> Cheers,
>
> Ben.
Worse still ... The point being (in at least some major technologies)
there is a straight decryption step in the verification of a signature
and an encryption step in its production.
Andy M