Which of the following is true about an email that was signed by User A and sent to User B?

A.
User A signed with User B’s private key and User B verified with their own public key.

B.
User A signed with their own private key and User B verified with User A’s public key.

C.
User A signed with User B’s public key and User B verified with their own private key.

D.
User A signed with their own public key and User B verified with User A’s private key.

Explanation:
The sender uses his private key, in this case User A’s private key, to create a digital signature. The
message is, in effect, signed with the private key. The sender then sends the message to the receiver. The
receiver (User B) uses the public key attached to the message to validate the digital signature. If the
values match, the receiver knows the message is authentic.
The receiver uses a key provided by the sender—the public key—to decrypt the message.
Incorrect Answers:
A: User A must sign with his own private key, not with User B’s private key.
C: User A must sign with his own private key, not with User B’s public key.
D: User A must sign with his own private key, not with his public key. User B’s cannot use the private
(secret) key of User A.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 279-285