CompTIA Security Plus Mock Test Q1112

Which of the following is true about an email that was signed by User A and sent to User B?

A. User A signed with User B’s private key and User B verified with their own public key.
B. User A signed with their own private key and User B verified with User A’s public key.
C. User A signed with User B’s public key and User B verified with their own private key.
D. User A signed with their own public key and User B verified with User A’s private key.

Correct Answer: B
Section: Cryptography

Explanation:
The sender uses his private key, in this case User A’s private key, to create a digital signature. The message is, in effect, signed with the private key. The sender then sends the message to the receiver. The receiver (User B) uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic.
The receiver uses a key provided by the sender—the public key—to decrypt the message.

Incorrect Answers:
A: User A must sign with his own private key, not with User B’s private key.
C: User A must sign with his own private key, not with User B’s public key.
D: User A must sign with his own private key, not with his public key. User B cannot use the private (secret) key of User A.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 279-285