In the described scenario, Emma uses the recipient's public key to encrypt the message.

The important idea here is the difference between encrypting for confidentiality and signing for authentication. Encrypting with the recipient’s public key is used when you want only the intended recipient to read the message. In that setup, the recipient uses their private key to decrypt, and the sender’s actions don’t prove who sent the message. If the scenario’s goal is to verify who authored the message or to guarantee its integrity, you wouldn’t encrypt with the recipient’s public key. Instead, the sender would sign with their own private key, and the recipient would verify that signature using the sender’s public key. This provides non-repudiation and authentication. So, using the recipient’s public key to encrypt the message does not establish the sender’s identity, which is why this statement is not correct in the context where authentication or non-repudiation is the goal.