
I am preparing for the Sec+, currently reading the book "Mike Meyers .... Certification Passport" (the book in question is irrelevant to the problem). In the cryptography chapter, topic public key/asymmetric cryptography,

it says:

> "the sender encrypts a message or file with the intended receiver’s public key. To decrypt this message, the receiver uses a private key that only she possesses
>
> ...offers a level of authentication and nonrepudiation"

This makes perfect sense to me. The sender would only use the receiver's public key (one key used in total to send). The next section reads:

> (after the sender encrypts with the private key) decrypting a message with a sender’s public key, the receiver knows this message came from the sender.
>
> ...The sender is authenticated

The "how it works"/implementation of this (^above) is a bit lost on me, but I've seen PGP-signed messages/commits, and know how to sign with my private key.

I used the following to familiarize myself with it: https://stackoverflow.com/questions/14434343/how-to-encrypt-a-file-using-private-key-in-gpg

> "Notice how the different combinations of key-pair encryption methods can provide different levels of information assurance, such as authentication, nonrepudiation, confidentiality, and integrity."

  1. What happens if both parties combine their own private_key and the other one's public_key? I have definitely seen this somewhere, for end-to-end communications.

  2. How do GPG/asymmetric-encrypted messages to multiple recipients work? (Assume you use their public keys.) Do you use your own public or private key in conjunction with all of theirs?

  3. Is there any terse description (reputable source preferable) of what and quantifiable amounts of C/I/A these combinations provide?

I couldn't find the answer here or on the SEO-spam section of the internet.

Thanks for the help in advance!

User

There is a lot of confusion around the terminology used with asymmetric encryption. Much of it stems from the misuse of the terms.

  • Public keys are used for encrypting messages and for verifying signatures.
  • Private keys are used for decrypting messages and for creating signatures.

However, often you will see people use the term 'encrypting using the private key', when what they really mean is creating a digital signature using the private key. In actuality, it is impossible to encrypt a message using the private key, because the mathematics just don't work. For more info, see the answer by Thomas Pornin at If the public key can't be used for decrypting something encrypted by the private key, then how do digital signatures work?, and pay particular attention to where he tries to blame the confusion on the deleterious effects of post-Disco pop music.

mti2935
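Added demo (my own script, not from the question or the answer above) that walks through the key roles the answer lists, and through question 2 (several recipients) from the question: it uses only the `openssl` CLI, and the party names, file names and message are made up for the demo.

```shell
#!/bin/sh
# Added demo (not the page's code): which key does which job, and how one message
# is encrypted to several recipients. Names and files are made up for the demo.
set -eu

demo_rsa_roles() {
  work=$(mktemp -d) && cd "$work"
  # Three parties. Each keeps its private key; the public half is shared.
  for who in alice bob carol; do
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$who.priv.pem" 2>/dev/null
    openssl pkey -in "$who.priv.pem" -pubout -out "$who.pub.pem"
  done
  printf 'meet at noon' > msg.txt

  # Confidentiality: encrypt to Bob's PUBLIC key; only Bob's PRIVATE key decrypts.
  openssl pkeyutl -encrypt -pubin -inkey bob.pub.pem -in msg.txt -out msg.enc
  openssl pkeyutl -decrypt -inkey bob.priv.pem -in msg.enc -out msg.dec
  cmp -s msg.txt msg.dec

  # Authentication: Alice signs with her PRIVATE key (what the book loosely calls
  # "encrypting with the private key"); anyone verifies with her PUBLIC key.
  openssl dgst -sha256 -sign alice.priv.pem -out msg.sig msg.txt
  openssl dgst -sha256 -verify alice.pub.pem -signature msg.sig msg.txt >/dev/null

  # A signature made with some other private key (Bob's) must NOT verify as Alice's ...
  openssl dgst -sha256 -sign bob.priv.pem -out other.sig msg.txt
  if openssl dgst -sha256 -verify alice.pub.pem -signature other.sig msg.txt >/dev/null 2>&1; then return 1; fi
  # ... and neither does Alice's signature over a modified message (integrity).
  printf 'meet at midnight' > tampered.txt
  if openssl dgst -sha256 -verify alice.pub.pem -signature msg.sig tampered.txt >/dev/null 2>&1; then return 1; fi

  # Several recipients: the body is encrypted ONCE under a random symmetric key, and
  # only that key is wrapped to each recipient's public key (hybrid encryption; this
  # is also how OpenPGP handles multiple recipients). The sender's keys are not used here.
  openssl rand -hex 32 > session.key
  openssl enc -aes-256-cbc -pbkdf2 -pass file:session.key -in msg.txt -out body.aes
  for who in bob carol; do
    openssl pkeyutl -encrypt -pubin -inkey "$who.pub.pem" -in session.key -out "key.$who"
  done
  # Each recipient unwraps the session key with their own private key, then decrypts the body.
  for who in bob carol; do
    openssl pkeyutl -decrypt -inkey "$who.priv.pem" -in "key.$who" -out "session.$who"
    openssl enc -d -aes-256-cbc -pbkdf2 -pass file:"session.$who" -in body.aes -out "body.$who"
    cmp -s msg.txt "body.$who"
  done
}

demo_rsa_roles && echo "all checks passed"
```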