
Signature with private key

My understanding is

  1. for encryption: I use my recipient's PUBLIC KEY to encrypt my message. He will use his PRIVATE KEY to read my message (only HE can do this) => OK with that

  2. for signing: I use my PRIVATE KEY (since no one has it, it proves my identity). But if my recipient uses my PUBLIC KEY, everyone could do the same and read my message! Can anyone explain this?

Then, I thought that what I should do is

  1. I SIGN my message with my PRIVATE KEY => it proves my identity

  2. I ENCRYPT the result of step 1 using my recipient's PUBLIC KEY => to avoid anyone reading it

  3. HE decrypts with his PRIVATE KEY => only he can do this

  4. HE checks my identity with MY PUBLIC KEY

Is that correct?

Your second guess is not bad.

Usually the way is the following for signing (not encryption):

  1. Calculate a hash (eg SHA256) of your message that has to be signed.
  2. Sign this hash (ie use your private key for RSA encryption)

That's it. Transfer the plain message and the signed hash to anyone. The message is not encrypted and therefore readable for all recipients. With the help of your public key everyone can decrypt the hash, calculate his or her own hash of your message and as long as both hashes (the self-calculated and the signed and decrypted one) are equal, the signature is valid and the message has not been changed after you have signed it.

In case your message has to be encrypted as well you usually do not use RSA, because it is too slow and too inflexible for larger messages (that means larger than the modulus of the private key, eg 2048 bit).

Use a symmetric algorithm like AES CBC for the encryption of the message. The coincidentally generated key for encryption can be encrypted with the public key of your recipient and then be transferred.

To sum up signing and encryption using RSA with SHA256 (signature) and AES CBC (encryption):

  1. Calculate a SHA256 hash H of your message M.
  2. Sign H with your public key, ie encrypt H with your RSA private key. That is your signature S.
  3. Generate a random key K.
  4. Encrypt M with AES CBC to get the encrypted message M'.
  5. Encrypt K with the public key of your recipient to get K'.
  6. Send K', your signature S and M' to your recipient.

Only the recipient can undo all steps:

  1. Decrypt K' with private key of the recipient to get K (RSA).
  2. Decrypt M' with K (AES CBC) to get the message M.
  3. Decrypt S with your public key (RSA) to get H.
  4. Calculate a SHA256 hash of M.
  5. Compare the calculated hash of step 4 with H (from step 3). If both are equal, the signature is verified successfully.
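
The sign-then-encrypt procedure from the answer above, as an added example using Node.js's built-in crypto module (not code from the original post). The function names `seal` and `open` and the demo keys are assumptions made here; as real libraries do, the calls apply standard padding (PKCS#1 v1.5 for the signature, OAEP for wrapping K) instead of raw RSA on the hash.

```javascript
const crypto = require('node:crypto');
const OAEP = crypto.constants.RSA_PKCS1_OAEP_PADDING;

// Constructed demo key pairs; real keys would come from a key store.
const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sender = newKeyPair();
const recipient = newKeyPair();

// Sender side: steps 1-6 of the summary.
function seal(message, senderPrivateKey, recipientPublicKey) {
  // Steps 1-2: hash M with SHA-256 and sign the digest (RSA, PKCS#1 v1.5 padding).
  const S = crypto.sign('sha256', message, senderPrivateKey);
  // Step 3: random AES-256 key K, plus the random IV that CBC mode requires.
  const K = crypto.randomBytes(32);
  const iv = crypto.randomBytes(16);
  // Step 4: M' = AES-CBC(K, M).
  const cipher = crypto.createCipheriv('aes-256-cbc', K, iv);
  const Mprime = Buffer.concat([cipher.update(message), cipher.final()]);
  // Step 5: K' = K encrypted with the recipient's public key (RSA-OAEP).
  const Kprime = crypto.publicEncrypt({ key: recipientPublicKey, padding: OAEP }, K);
  // Step 6: everything that is sent.
  return { Kprime, iv, Mprime, S };
}

// Recipient side: steps 1-5 of the reverse procedure.
function open(envelope, recipientPrivateKey, senderPublicKey) {
  const { Kprime, iv, Mprime, S } = envelope;
  const K = crypto.privateDecrypt({ key: recipientPrivateKey, padding: OAEP }, Kprime);
  const decipher = crypto.createDecipheriv('aes-256-cbc', K, iv);
  const M = Buffer.concat([decipher.update(Mprime), decipher.final()]);
  // Steps 3-5: verify() recomputes SHA-256(M) and checks it against S.
  const valid = crypto.verify('sha256', M, senderPublicKey, S);
  return { message: M, valid };
}

// Demo on a constructed message, then with one IV bit flipped in transit:
// CBC still decrypts, but the first plaintext byte changes and the signature fails.
function demo() {
  const msg = Buffer.from('constructed sample message, longer than one AES block');
  const env = seal(msg, sender.privateKey, recipient.publicKey);
  const tampered = { ...env, iv: Buffer.from(env.iv) };
  tampered.iv[0] ^= 1;
  return {
    intact: open(env, recipient.privateKey, sender.publicKey).valid,
    tampered: open(tampered, recipient.privateKey, sender.publicKey).valid,
  };
}
console.log(demo());
```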
