If the goal is to demonstrate that you are who you say you are, I think the foll
Question
If the goal is to demonstrate that you are who you say you are, I think the following will work: Bob wants to know that you are Amy. Bob encrypts a number using Amy's public key and then asks her what that number is. If Bob gets back the number, "Amy" at least had Amy's private key.
From what I have read, this is not what signing a document using RSA is. It is clear that it requires more emails to be exchanged; but is the fundamental idea different from Bob encrypting using Amy's public key and wanting to get back the correct decrypted message?
Explanation / Answer
You've got the vague idea about it, but you've mixed up some terms (you say Bob uses Amy's private key in your first paragraph when I think you meant to say public key; if Bob has Amy's private key it's all over for her).
Also, if it was Bob sending Amy the message, Amy would be trying to verify it was truly Bob who sent her that message, not the other way around.
The number that Amy would be verifying would normally be the result of a hash function of the document minus the signature sent (which technically is a number). Amy would calculate the number for herself using the document, then compare it to the decrypted result of the signature to see if they matched. If they did, then you know it's both from Bob and the document hasn't been tampered with.
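The two ideas side by side, as an added example that is not part of the original question or answer: the question's challenge-response and the answer's hash-then-sign check, using textbook RSA. The key is a constructed toy key and all function names are assumptions; real signatures use a much larger modulus and a padding scheme such as RSA-PSS.

```python
import hashlib
import secrets

# Constructed toy key built from two Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                    # Bob's public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))      # Bob's private exponent

def digest(document: bytes, n: int = N) -> int:
    """The 'number' from the answer: a hash of the document, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Bob applies his private key to the hash of the document."""
    return pow(digest(document, n), d, n)

def verify(document: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Amy recomputes the hash herself and compares it with the 'decrypted' signature."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(document, n)

def challenge_response(d: int = D, e: int = E, n: int = N) -> bool:
    """The question's scheme: encrypt a random number to the key holder, expect it back."""
    challenge = secrets.randbelow(n - 2) + 2
    ciphertext = pow(challenge, e, n)   # verifier side: public key only
    answer = pow(ciphertext, d, n)      # key holder side: needs the private key
    return answer == challenge

if __name__ == "__main__":
    doc = b"Pay Amy 10 dollars"         # constructed sample document
    sig = sign(doc)
    print("genuine document verifies:", verify(doc, sig))
    print("tampered document verifies:", verify(b"Pay Amy 1000 dollars", sig))
    print("altered signature verifies:", verify(doc, (sig + 1) % N))
    print("challenge-response succeeds:", challenge_response())
```

The challenge-response only shows that the other party holds the private key at that moment; the signature also ties that key to one specific document and can be checked later by anyone with the public key, without another round of messages.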