[svlug] How to sign a shell script?

David Hummel lemmuh at gmail.com
Mon Sep 6 10:35:02 PDT 2010

On Sun, Sep 5, 2010 at 4:22 PM, Ajit Natarajan <ajitk at email.com> wrote:
> I think that the way to digitally sign a document is:
> 1. Encrypt with your private key.  Since only you know your private
>    key, this is the proof that the document came from you.
> 2. Encrypt the result of 1 with the recipient's public key.
> 3. Send the result of 2 to the recipient.
> Only the recipient can decrypt this since decryption requires the
> recipient's private key.  After that, the recipient uses your public key
> to do the final decryption.

I think you're confusing encryption/decryption of content with signing
content and signature verification.  The scenario as described above
won't work because it's not possible to decrypt content with a public

Encryption/decryption has to do with confidentiality, and digital
signatures have to do with authenticity.  If authenticity but not
confidentiality is required, it's sufficient for the sender to sign
the document with their private key.  The signature is then verified
by the recipient using the sender's public key.

If both authenticity and confidentiality are required, you would
encrypt _and_ sign the content.  It's also possible to sign the
content then encrypt it, which I believe is what you were alluding to
in steps 1 and 2 of your scenario.
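
An added example, not part of the original message: the authenticity-only case described above, applied to a shell script with the openssl command line. The script stays readable, the sender signs it with the private key, and the recipient checks the detached signature with the sender's public key before running it. The helper function names and file names are constructed for this demonstration.

```shell
#!/bin/sh
# Added example. Requires the openssl CLI; all file names are constructed.

# make_keypair PRIVATE_OUT PUBLIC_OUT: the sender keeps PRIVATE_OUT secret
# and hands PUBLIC_OUT to anyone who needs to verify.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1" 2>/dev/null &&
    openssl pkey -in "$1" -pubout -out "$2"
}

# sign_script PRIVATE_KEY SCRIPT SIG_OUT: detached signature over SHA-256.
sign_script() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# verify_script PUBLIC_KEY SCRIPT SIG: exit status 0 only if SIG matches.
verify_script() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# run_if_verified PUBLIC_KEY SCRIPT SIG: refuse to execute unverified content.
run_if_verified() {
    if verify_script "$1" "$2" "$3"; then
        sh "$2"
    else
        echo "refusing to run $2: signature check failed" >&2
        return 1
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_keypair "$dir/sender.key" "$dir/sender.pub" || return 1
    printf '#!/bin/sh\necho "hello from the signed script"\n' > "$dir/job.sh"
    sign_script "$dir/sender.key" "$dir/job.sh" "$dir/job.sh.sig" || return 1
    run_if_verified "$dir/sender.pub" "$dir/job.sh" "$dir/job.sh.sig" || return 1
    echo 'echo "line added after signing"' >> "$dir/job.sh"   # tamper
    if run_if_verified "$dir/sender.pub" "$dir/job.sh" "$dir/job.sh.sig"; then
        echo "BUG: modified script was accepted" >&2; return 1
    fi
    rm -rf "$dir"
}

demo
```

The check is only as trustworthy as the way the recipient obtained the public key, and the script should not be writable by anyone else between verification and execution.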

