From: "Antti Kurenniemi" 

Thanks, Rich.


Antti Kurenniemi
(oh, and *I* have read as text set in bot OE and Outlook ;-)


"Rich"  wrote in message news:406d984d{at}w3.nls.net...
   Signing of an email is like signing of other types of data.  A hash is
calculated of the content being signed and that has is encrypted with the
senders private key.  The recipient verifies this by decrypting the hash
with the public key and comparing it to a hash he calculates.  There are
some other rules for verification of S/MIME like comparing the sender to
the subject in the signing certificate.  There are probably others.  You
should look up the S/MIME RFCs for more.   A good place to start for email
related
standards is www.imc.org.  If you are interested in more info on public key
crypto, the RSA web site may be a good start.

   I think any paranoia about signed trojans is extremely overrated.  No
matter what George may prefer, virtually no one uses read as text and
virtually no one has an email cert.  The intersection is even smaller. 
Take your concern about yourself.  Do you have an email cert on your
machine?  If you do, where is the private key stored?

Rich

--- BBBS/NT v4.01 Flag-5