210-250 · Question #185
Which one of the following encryption methodologies allows you to maintain the privacy of an email communication, and ensure the origin of the message using PGP?
The correct answer is B. Encrypt the message with your private key, and again with the destination's public key, so that the. PGP achieves both confidentiality and origin authentication by combining asymmetric operations - signing with the sender's private key and encrypting with the recipient's public key.
Question
Which one of the following encryption methodologies allows you to maintain the privacy of an email communication, and ensure the origin of the message using PGP?
Options
- AEncrypt the message with your public key and send your private key to the destination in a
- BEncrypt the message with your private key, and again with the destination's public key, so that the
- CEncrypt the message with your public key, and again with the destination's private key, so that the
- DEncrypt the message with the destination's private key so that the recipients can decrypt it with
How the community answered
(28 responses)- A7% (2)
- B82% (23)
- C4% (1)
- D7% (2)
Why each option
PGP achieves both confidentiality and origin authentication by combining asymmetric operations - signing with the sender's private key and encrypting with the recipient's public key.
Sharing your private key with anyone destroys the entire trust model of asymmetric cryptography, as your private key must remain secret at all times.
Encrypting first with your private key creates a digital signature that proves origin, since only you possess your private key. Encrypting again with the destination's public key ensures only the intended recipient - who holds the matching private key - can decrypt and read the message, achieving both authentication and confidentiality as designed in the PGP standard.
You do not have access to the destination's private key; encrypting with the destination's private key would mean anyone with the destination's public key could decrypt it, providing no confidentiality.
Encrypting with the destination's private key is impossible in practice since you never possess another party's private key, and this approach would provide no origin authentication.
Concept tested: PGP dual encryption for confidentiality and authentication
Source: https://www.rfc-editor.org/rfc/rfc4880
Topics
Community Discussion
No community discussion yet for this question.