- When using digital signatures with email:
  - The sender’s private key encrypts (or signs).
  - The sender’s public key decrypts.
  - A digital signature provides authentication (verified identification) of the sender, nonrepudiation, and integrity of the message.
  - Senders create a digital signature by hashing a message and encrypting the hash with the sender’s private key.
  - Recipients decrypt the digital signature with the sender’s matching public key.
- When encrypting email:
  - The recipient’s public key encrypts.
  - The recipient’s private key decrypts.
  - Many email applications use the public key to encrypt a symmetric key, and then use the symmetric key to encrypt the email contents.
- When encrypting web site traffic with SSL or TLS:
  - The web site’s public key encrypts a symmetric key.
  - The web site’s private key decrypts the symmetric key.
  - The symmetric key encrypts data in the session.
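
The email key roles listed above, as an added example that is not part of the original page: it signs a message with the sender's private key, encrypts it with a one-time symmetric key wrapped by the recipient's public key, and shows what happens when the wrong key is used. The function names (`sendMail`, `receiveMail`, `demo`), the message text and the key pairs are assumptions constructed for the illustration; the algorithms chosen (RSA with SHA-256, RSA-OAEP, AES-256-GCM) are one reasonable set, not something the page specifies.

```javascript
const crypto = require('node:crypto');

// Constructed demo keys: one RSA pair per party, generated fresh on each run.
const newPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sender = newPair(), recipient = newPair(), outsider = newPair();

// Sender side: sign with the SENDER's private key, then hybrid-encrypt for the recipient.
function sendMail(body, senderPrivateKey, recipientPublicKey) {
  // crypto.sign hashes the body with SHA-256 and signs that hash.
  const signature = crypto.sign('sha256', Buffer.from(body), senderPrivateKey);
  const sessionKey = crypto.randomBytes(32); // one-time symmetric key
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  // The RECIPIENT's public key encrypts only the small symmetric key (RSA-OAEP).
  const wrappedKey = crypto.publicEncrypt(
    { key: recipientPublicKey, oaepHash: 'sha256' }, sessionKey);
  return { wrappedKey, iv, tag, ciphertext, signature };
}

// Recipient side: unwrap with the RECIPIENT's private key, decrypt, verify with the SENDER's public key.
function receiveMail(msg, recipientPrivateKey, senderPublicKey) {
  const sessionKey = crypto.privateDecrypt(
    { key: recipientPrivateKey, oaepHash: 'sha256' }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  const body = Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
  // Verification recomputes the hash and checks it against the signature.
  const signatureValid = crypto.verify('sha256', body, senderPublicKey, msg.signature);
  return { body: body.toString('utf8'), signatureValid };
}

function demo() {
  const msg = sendMail('Quarterly report attached.', sender.privateKey, recipient.publicKey);
  const ok = receiveMail(msg, recipient.privateKey, sender.publicKey);
  // Checked against someone else's public key, the signature must not verify.
  const wrongKey = receiveMail(msg, recipient.privateKey, outsider.publicKey);
  // Without the recipient's private key the symmetric key cannot be unwrapped.
  let outsiderCanRead = true;
  try { receiveMail(msg, outsider.privateKey, sender.publicKey); }
  catch { outsiderCanRead = false; }
  return { ok, wrongKey, outsiderCanRead };
}

console.log(demo());
```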