Complete the blanks. When using PKI, I digitally sign a message using my ______ key. The recipient verifies
my signature using my ______ key.

A.
Private / Public

B.
Public / Private

C.
Symmetric / Asymmetric

D.
Private / Symmetric

Explanation:
A digital signature is a hash value that was encrypted with the sender’s private key. The recipient uses the
sender’s public key to verify the digital signature.
Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a
public key algorithm such as RSA, one can generate two keys that are mathematically linked: one private and
one public. To create a digital signature, signing software (such as an email program) creates a one-way hash
of the electronic data to be signed. The private key is then used to encrypt the hash. The encrypted hash —
along with other information, such as the hashing algorithm — is the digital signature. The reason for encrypting
the hash instead of the entire message or document is that a hash function can convert an arbitrary input into a
fixed length value, which is usually much shorter. This saves time since hashing is much faster than signing.
Incorrect Answers:
B: A private key, not a public key is used in a digital signature. The sender is the only person in possession of
the private key. The public key can be freely distributed. The recipient uses the public key to verify the digital
signature which authenticates the sender.
C: Symmetric / Asymmetric are two different types of encryption methods; they are not used together to encrypt
or sign a message.
D: A private key is used with a public key in asymmetric cryptography. A shared key is used in symmetric
cryptography. Private and Symmetric keys are not used together to encrypt or sign a message.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 829http://searchsecurity.techtarget.com/definition/digital-signature