undefined | Better HN

0 pointsjolmg6y ago0 comments

> The sender encrypts a message with the sender's priv key and the recipient's pub key.

You just need the recipient's public key to encrypt. Are you thinking about the sender adding a cryptographic signature, too?

> The recipient decrypts the message with the the sender's pub key and the recipient's priv key.

You don't need the sender's public key, just the recipient's private key to decrypt. Though, if there's also a cryptographic signature from the sender, then you would need the sender's public key to verify the signature.

0 comments

groovybits6y ago

I was attempting to explain in a simplified manner, since OP said that they did not know much about email encryption. But if you want to be semi-technical about it:

Both the sender's and recipient's public keys are required to calculate a shared secret. That shared secret is then used to encrypt the message. The recipient's priv key is used to decrypt the message.

Edit: Validating a digital signature is typically part of the process when using all-in-one software (eg: Thunderbird's Enigmail extension). That is why I mention the use of private keys. Again, an oversimplification on my part in response to OP's statement "Is encryption on emails that I have received controlled by the sender?", which is false.

See: https://tools.ietf.org/html/rfc4880#section-2.1

thomastjeffery6y ago

Yes, that is the detail that was glossed over.

The difficult part is for the sender to get a copy of the recipient's public key. In practice, a sender will always sign with their private key, since they can just send a copy of their public key with the message.

I think GP thought it necessary to give a complete example, but not a complete explanation.

j / k navigate · click thread line to collapse