How does differ openssl signing and encrypting programmatically

Question

There is this question on SO:

What is the difference between encrypting and signing in asymmetric encryption?

My question is not a duplicate. I am asking if there is difference between two programmatically.

I have an openssl C++ API to sign and verify a message. Let say two functions:

sign

verify

Let say two sides who interchange messages are A and B.

Currenlty sign function uses A_privateKey, and verify function uses B_publicKey.

Now, I want to encrypt some part of the message.

So, could I do it just using sign function with B_publicKey?

Or the algorithm to encrypt is totally different and I need to implement a new function?

Or with some modification in sign function (removing generating hash, for ex) does it just work?

Answer 1

Now, I want to encrypt some part of the message.
So, could I do it just using sign function with B_publicKey?

The output of the sign function is an encrypted hash of the original message. If "A" were to tranmit the output of sign as you describe, the only thing B could do is decrypt it back to the hash of the original message. He wouldn't have the actual message.

Because assymetric encryption can be a very computationally expensive operation that doesn't scale well for long messages, the standard pattern is this:

• Alice generates a message she wants to send to Bob.
• Alice generates a symmetric key first
• Alice encrypts the message with this symmetric key.
• Alice encrypts the symmetric key with Bob's public key
• Alice transmits the encrypted message and encrypted key to Bob.

Then Bob does this:

• Bob receives both the message that was symmetrically encrypted and the assymetrically encrypted key.
• Bob decrypts the symmetric key with his public key
• Bob uses the symmetric key to decrypt the encrypted message

There's probably a ton of other security principals missing as well, but the above is the general idea.