• 0 Posts
  • 3 Comments
Joined 1 year ago
cake
Cake day: August 17th, 2023

help-circle

  • In some instances of private/public key systems, this is done. It’s mainly for the purpose of ensuring the recipient knows who the sender was and also ensuring the sender knows who the recipient is.

    Quick primer: If you encrypt with your private key, everyone knows it was sent by you. If someone encrypts with your public key, they know you will receive it. Use your private key and someone’s public key together and you know only that person got it.

    In practice, lately another step is added to negotiate a third temporary/session key. This ensures keys aren’t used forever, and if compromised a new one can be generated. This is more secure than encrypting twice, because you never know what data is sensitive and picking the wrong one requires the attacker to start from scratch.