CompTIA Security Plus Mock Test Q444

Which of the following is used by the recipient of a digitally signed email to verify the identity of the sender?

A. Recipient’s private key
B. Sender’s public key
C. Recipient’s public key
D. Sender’s private key

Correct Answer: B
Section: Compliance and Operational Security

Explanation:
When the sender wants to send a message to the receiver, it’s important that this message not be altered. The sender uses the private key to create a digital signature. The message is, in effect, signed with the private key. The sender then sends the message to the receiver. The recipient uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic. Thus the recipient uses the sender’s public key to verify the sender’s identity.

Incorrect Answers:
A: The recipient’s private key is not required to check the identity of the sender.
C: The public key must be sent to the recipient by the sender; the recipient cannot use their own public key.
D: The sender must use the private key to create the digital signature.
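
The sign-and-verify flow described in the explanation, as an added example (not part of the original question or the cited study guide). It uses Node.js's built-in `crypto` module with Ed25519 keys; the two key pairs, the function names and the sample message are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed key pairs for two hypothetical parties.
const sender = crypto.generateKeyPairSync('ed25519');
const recipient = crypto.generateKeyPairSync('ed25519');

// Sender side: the signature is created with a PRIVATE key.
function signMessage(message, privateKey) {
  return crypto.sign(null, Buffer.from(message, 'utf8'), privateKey);
}

// Recipient side: the signature is checked with a PUBLIC key.
function verifyMessage(message, signature, publicKey) {
  return crypto.verify(null, Buffer.from(message, 'utf8'), publicKey, signature);
}

function runDemo() {
  const message = 'Quarterly report attached.'; // constructed sample message
  const signature = signMessage(message, sender.privateKey);

  // A signature made by a different key holder over the same text.
  const forged = signMessage(message, recipient.privateKey);

  return {
    // Answer B: the sender's public key validates the sender's signature.
    senderPublicKey: verifyMessage(message, signature, sender.publicKey),
    // Answer C: the recipient's own public key cannot validate it.
    recipientPublicKey: verifyMessage(message, signature, recipient.publicKey),
    // Any change to the message after signing invalidates the signature.
    alteredMessage: verifyMessage(message + ' (edited)', signature, sender.publicKey),
    // A signature from another private key fails under the sender's public key.
    forgedSigner: verifyMessage(message, forged, sender.publicKey),
  };
}

console.log(runDemo());
```

The check only proves identity if the recipient has reason to trust that the public key belongs to the sender; in S/MIME that binding comes from the sender's certificate, which the example does not model.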

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 261