encryptionrsasigninglicense-key

What is the difference between encrypting and signing in asymmetric encryption?


What is the difference between encrypting some data vs signing some data (using RSA)?

Does it simply reverse the role of the public-private keys?

For example, I want to use my private key to generate messages so only I can possibly be the sender. I want my public key to be used to read the messages and I do not care who reads them. I want to be able to encrypt certain information and use it as a product-key for my software. I only care that I am the only one who can generate these. I would like to include my public key in my software to decrypt/read the signature of the key. I do not care who can read the data in the key, I only care that I am the only verifiable one who can generate them.

Is signing useful in this scenario?


Solution

  • When encrypting, you use their public key to write a message and they use their private key to read it.

    When signing, you use your private key to write message's signature, and they use your public key to check if it's really yours.

    I want to use my private key to generate messages so only I can possibly be the sender.

    I want my public key to be used to read the messages and I do not care who reads them

    This is signing, it is done with your private key.

    I want to be able to encrypt certain information and use it as a product key for my software.

    I only care that I am the only one who can generate these.

    If you only need to know it to yourself, you don't need to mess with keys to do this. You may just generate random data and keep it in a database.

    But if you want people to know that the keys are really yours, you need to generate random data, keep in it a database AND sign it with your key.

    I would like to include my public key in my software to decrypt/read the signature of the key.

    You'll probably need to purchase a certificate for your public key from a commercial provider like Verisign or Thawte, so that people may check that no one had forged your software and replaced your public key with theirs.