Hello, I have clear the process to sign a document. You need a certificate made by a CA. You have a public and private key. With the private you sign and with the public the people open your signed document. When you sign a document a math algoritm process the file and then generate a hash, later with the private key this hash is encrypted. Finally I need to add (concat) this encrypted hash to the document.
Now, to open this document I need to separate the encrypt hash code from the document. And I need the public key to verify the validity of the document. This is very clear for me.
So.. The questions is... From where the people get the public key??? And how I check who sign the document??
Do I need to append my certificate to the document that I want to sing?? If It's true. Is that not insecure??? give my certificate to everyone??