RE: Signing before Encryption and Signing after Encryption
- From: "David Gillett" <gillettdavid@xxxxxxxx>
- Date: Wed, 22 Mar 2006 09:17:01 -0800
You're quite correct. I can think of cases where I'd want to
have the encrypted text signed (more often by a machine than by
a human...), but you've reminded me why that's not an acceptable
substitute for signing the plaintext.
IFF you do the encryption with Asymmetric keys, Alice can encrypt
the message with both Bob's public key and her own private key,
but we've already talked about why Symmetric keys are more commonly
used for encryption.
"Sign after encryption" allows for a message to be encrypted by
anyone who has the symmetric key, and signed by someone else; "sign
before encryption" confirms that Alice signed the text and we don't
care who encrypted it.
And actually, "sign before encryption" happens *invisibly* all the
time, as signed messages may travel across encrypted links and be
automatically decrypted before delivery.
I stand corrected.
David Gillett
-----Original Message-----
From: Gregory Rubin [mailto:grrubin@xxxxxxxxx]
Sent: Tuesday, March 21, 2006 6:53 PM
To: gillettdavid@xxxxxxxx; security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Signing before Encryption and Signing after Encryption
The problem with signing after encryption is that it is
possible to strip the signature off and claim a message as
your own. Consider the following situation (encrypted text
is signed, not the plain text).
Alice wants to authenticate herself to Bob, so she composes a
message with secret information, encrypts it to Bob's public
key, and then signs it with her private key and sends it off.
Mallory intercepts the message. She can't read the message,
but she can strip off the signature so she now just has the
message encrypted to Bob's key. She now signs the message
with her key and sends it on.
Bob now receives the secret information in an encrypted
message with a valid signature by Mallory. Ergo, he believes
that Mallory knows this secret information. This is a problem.
If the signature is on the plain text as opposed to the
private text, this attack fails.
Greg Rubin
On 3/21/06, David Gillett <gillettdavid@xxxxxxxx> wrote:
Signing requires a private key -- therefore, it *must* beexchange of
Asymmetric. Asymmetric is typically much slower than Symmetric, so
you get things like SSL that use Asymmetric to protect the
the Symmetric key used for actual payload encryption.blocked if the
Signing after encryption allows the signature to be verified
before/without decrypting the payload. There are a variety of
circumstances in which that could be useful, which are
signing is done first. I can't think of any where the opposite isand Signing
true.
David Gillett, CISSP
-----Original Message-----
From: shyaam@xxxxxxxxx [mailto:shyaam@xxxxxxxxx]
Sent: Tuesday, March 21, 2006 9:28 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Signing before Encryption and Signing after Encryption
Hello All,
I was asked a question in an interview. I would like to know more
about this. I am sorry if it is really basic question.
What are the tradeoffs between Signing before Encryption
when you useafter Encryption? Please do let me know on either case
Continuitya Symmetric Key and an Asymmetric key.
I am sure that this is a very basic question. I appologize again.
Kind Regards,
Shyaam
--------------------------------------------------------------
-------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The
Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting
experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business
----------------------------------------------------------------------Planning, Computer Emergency Response Teams, and Digital
Investigations.
http://www.msia.norwich.edu/secfocus
--------------------------------------------------------------
-------------
----- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE -ONLINE The
Norwich University program offers unparalleled Infosec managementconsulting experience.
education and the case study affords you unmatched
Tailor your education to your own professional goals with degreeInvestigations.
customizations including Emergency Management, Business Continuity
Planning, Computer Emergency Response Teams, and Digital
----------------------------------------------------------------------
http://www.msia.norwich.edu/secfocus
-----
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
- Follow-Ups:
- Re: Signing before Encryption and Signing after Encryption
- From: Gregory Rubin
- Re: Signing before Encryption and Signing after Encryption
- References:
- Re: Signing before Encryption and Signing after Encryption
- From: Gregory Rubin
- Re: Signing before Encryption and Signing after Encryption
- Prev by Date: Re: application for an employment
- Next by Date: RE: Signing before Encryption and Signing after Encryption
- Previous by thread: Re: Signing before Encryption and Signing after Encryption
- Next by thread: Re: Signing before Encryption and Signing after Encryption
- Index(es):
Relevant Pages
|
