Cryptography introduction: definition of signatures/certificates wrong

[felixauringer]

According to module 1, part 1, signatures are constructed by encrypting information with a secret key.

This explanation is wrong. Usually (see for example Introduction to Modern Cryptography by Katz/Lindell), a signature scheme consists of three algorithms:

• one for generating keypairs
• one for creating signatures
• one for verifying signatures

It is not possible to encrypt / decrypt anything with a signature algorithm!

For most asymmetric encryption schemes, using the encryption algorithm with the private key as signature algorithm is just not possible. This confusion probably comes from RSA where textbook encryption using the private key is indeed the textbook signature algorithm. However, textbook RSA is not secure and in reality the RSA signature algorithm is different from the RSA encryption algorithm. In the book by Katz/Lindell there is also an own paragraph explicitly explaining this mistake.

---

This course also mentions encrypted signatures.

Normally, the output of the sign function is called signature. This signature is the final output. This signature together with the public key can later be verified. The signature is usually not encrypted. Encrypting the signature would require the verifier to have an additional key to decrypt the signature again before verification.