We want authentication ie -> the source written in the received message should be the actual real source that sent the message. ->information should not be altered in the way (data integrity) So to support this, book does this. But I can’t realize how it is helping authentication? How do we know the source in the received message is actual source? (You might say by comparing the received hash and computed hash of received email message) but that I can’t feel it how. Leaving PGP aside, What is the best way in real life to know that the message is sent to me by someone whom I know? Maybe if we have some well established secret code between us. authentication means-: 1) when information is received from a source, authentication means that source is indeed as alleged in the information. 2) information was not altered along the way. this authentication is also referred to as maintaining data integrity. RSA at sender-: with sender's private key My genuine questions(I am aware about symmetric and assymetric encryption-here the text explicity said public key for encryption and private key for decryption. Any scientific reason behind that) { Why not use sender's public key here? Why not use receiver's private key here? Why not use receiver's public key here? } RSA at receiver-: with sender's public key. { Why not use sender's private key here? Why not use receiver's private key here? Why not use receiver's public key here? }