RE: SSL Question

From: Raoul Armfield (armfield@amnh.org)
Date: 02/21/02


Date: Thu, 21 Feb 2002 12:42:32 -0500
To: <meghani@nsecure.net>, "Kurt Seifried" <bugtraq@seifried.org>, "Dawes, Rogan (ZA - Johannesburg)" <rdawes@deloitte.co.za>, "'Niall O Malley (LMI)'" <Niall.OMalley@eei.ericsson.se>, <webappsec@securityfocus.com>, <security-basics@securityfocus.com>
From: Raoul Armfield <armfield@amnh.org>


I am new to this field but as I understand it the public key does no form
of decryption only encryption the Private key does all the decrypting

At 05:28 AM 2/15/2002, Shripal wrote:
>|Huh. No. You have private keys and public keys. Public keys are distributed
>|and can be used to encrypt data that only the private key can decrypt.
>|Private keys can be used to sign data (actually it encrypts a hash value of
>|the data such as MD5 or SHA1) and this signature can be verified
>|(decrypted)
>|by the public key. This is essentially true of all "public key"
>|cryptography.
>
>If the private key is hashed while signing it by MD5 or SHA1 (both of which
>are irreversible) then how does the public key decrypt it??

Thanks,

Raoul

________

Military action is important to the nation -- it is the ground of death and
life, the path of survival and destruction, so it is imperative to examine
it. --- Sun Tzu " The Art of War"