[obrhubr]

Thanks for the feedback, appreciate it. I wanted this to more entertaining than informative, but I understand why this might mislead.

- I agree that the section on pkcs#1 is at this point irrelevant, I left it in just to mention that fact. But I will probably take it out now :)

- Concerning the part of misusing RSA: My understanding is that you usually append the signature at the end, after a copy of the data which is not done here. I believe they are misusing it here because no library for RSA supports this use case, to decrypt using a public key you always have to provide the message and signature. This isn't possible here because the message is encrypted. So I think they are misusing RSA.

[zoover2020]

Agree on the crypto stuff, it's easy to get things wrong or share wrong information. Perhaps you can peer review in the future to avoid.

Nonetheless, please keep writing! It was an entertaining read for me.

Salutations du Luxembourg :-)

[obrhubr]

Thank you very much! Salut d'Autriche :)

[Ronnie76er]

Check out the RSA spec here: https://datatracker.ietf.org/doc/html/rfc8017#section-8.2.2. It's still verification, because all you need is a message and a signature. The message can be constructed from the data in the diploma, presumably. It's just, it's not disclosed to you how to construct the message (maybe it is online somewhere). So a verifier could construct the same message you decrypted, and then run the verification function.