Score:0

Why is a private key used to encrypt the hash in digital signing?


In common RSA encryption, a public key is used to encrypt a message, and the private key decrypts it. However, in digital signing, it's the other way around: Bob hashes his message, then encrypts the hash with his own private key; Alice uses Bob's public key to decrypt the encrypted hash.

What is the purpose of this opposition? Or does it not matter which key is used to encrypt/decrypt?

kelalaka
Welcome to Cryptography.SE. We have lots of Q/A about this. If you search, you will find your answer and learn many other aspects of this subject. Note that it is merely RSA that can be used to encrypt and sign. And don't forget that RSA sign != decryption.
kelalaka
Keyword to search: RSA sign and decryption...
Lê Thành Vinh
I don't find useful info when searching with the whole sentence. I'm trying a keyword search then. Thanks for your suggestion.
Maarten Bodewes
With RSA you are using modular exponentiation, but you are by definition not encrypting anything. Encryption is used to provide confidentiality, which you obviously do not do if you can "decrypt" with the **public** key. In the latest version of RSA they made pretty clear that there are differences between [RSASP1](https://datatracker.ietf.org/doc/html/rfc8017#section-5.2.1) and [RSAEP](https://datatracker.ietf.org/doc/html/rfc8017#section-5.1.1), even though **in theory** the operation is just modular exponentiation. [Here](https://crypto.stackexchange.com/q/15997/1172) is my extended answer.
kelalaka
Does this answer your question? [Is RSA encryption with a private key the same as signature generation?](https://crypto.stackexchange.com/questions/15997/is-rsa-encryption-with-a-private-key-the-same-as-signature-generation)
Score:0

In asymmetric cryptography, it does matter which key we use to encrypt and which key we use to decrypt. From a high level, we want everybody to be able to encrypt so a public key is used for encryption. But we only want a certain party to decrypt (usually the party who created the key pair) so a private key is used for decryption. In other words, in the case of encryption/decryption, it's decryption that is the critical operation since it exposes what we're trying to hide - the plaintext.

Signing is the opposite. We want to restrict who can sign, so a private key is used for signing. Remember, signing is like claiming responsibility or approval for a contract. So only the relevant party should be able to sign. Otherwise, we're allowing for forgery. Verifying the signature is not critical. In other words, everyone should be able to verify a signature, hence we use a public key for signature verification. In a public key system, the fact that a private key can only belong to one party gives us the extra benefit of non-repudiation. That is, no party who signed can deny that later, since they're the only party who possesses the private key.
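
The key roles described in the answer above, as an added example that is not part of the original post: textbook RSA in Python showing that only the private exponent produces a signature, while the public key alone verifies it and recovers the hash. The key is a constructed toy (two Mersenne primes, no padding, not secure) and the function names are hypothetical; real signatures use a padded scheme from RFC 8017.

```python
import hashlib

# Constructed toy key: two Mersenne primes (trivially factorable, demo only).
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                                   # public modulus
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent, known only to Bob

def digest_int(message: bytes) -> int:
    """SHA-256 of the message as an integer (256 bits, smaller than N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, exponent: int, n: int) -> int:
    """Bob: raise the hash to an exponent (the private one for a real signature)."""
    return pow(digest_int(message), exponent, n)

def recover(signature: int, e: int, n: int) -> int:
    """Anyone: raise the signature to the public exponent."""
    return pow(signature, e, n)

def verify(message: bytes, signature: int, e: int, n: int) -> bool:
    """Alice: recompute the hash herself and compare it with the recovered value."""
    return recover(signature, e, n) == digest_int(message)

def demo() -> dict:
    msg = b"Pay Alice 10 EUR"               # constructed sample message
    sig = sign(msg, D, N)
    return {
        "genuine": verify(msg, sig, E, N),
        "tampered_message": verify(b"Pay Alice 1000 EUR", sig, E, N),
        "tampered_signature": verify(msg, sig ^ 1, E, N),
        # Without D, using the public exponent to "sign" does not verify.
        "signed_with_public_exponent": verify(msg, sign(msg, E, N), E, N),
        # No confidentiality: the public key alone recovers the hash.
        "hash_recoverable_by_anyone": recover(sig, E, N) == digest_int(msg),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last entry is the point made in the comments: the operation with the private exponent hides nothing, so it is a signature primitive and not encryption.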
