RE: Signing before Encryption and Signing after Encryption

I don't understand how a signature can work with a shared key. If two
people share a key, how can you tell which one of them signed it?

-----Original Message-----
From: Gregory Rubin [mailto:grrubin@xxxxxxxxx]
Sent: Wednesday, March 22, 2006 12:55 PM
To: Craig Wright
Cc: gillettdavid@xxxxxxxx; shyaam@xxxxxxxxx;
security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Signing before Encryption and Signing after Encryption

True. Signatures don't really require asymmetric keys. An example of this
is an HMAC and variants thereof. Right now, I'm commonly signing URLs using
the following system (so I have no excuse for forgetting
it):

BaseUrl = http://www.foo.com/one/two?three=four
Secret = SharedSecret
Signature = md5(Secret + BaseURL)

New URL = BaseURL + "&hash=" + Signature

Greg Rubin

On 3/21/06, Craig Wright <cwright@xxxxxxxxxxxxx> wrote:

Hello,
Just to be difficult....

David stated "Signing requires a private key". This is correct through
feasibility, but it is not technically correct as there are signature
schemes that only require symmetric keys. Signing with symmetric keys
is a lot more complex and thus more prone to error and has a range of
key management issues. This does not mean that it is not possible.

In fact there are scheme to sign a message using only Hashing
algorithms. The simplest of these is to hash the document and keep a
list of document hashes (similar to software). A user could check the
list to see if the message was valid or if tampering had occurred. A
third party could keep the hash tables to ensure that the lists where
accurate.

So signing does not require a private key - it just makes it easier.
Next it also depends on non-repudiation/repudiation issues. It is easy
to sign a document and have a verification that it is unaltered but
with no proof that the original signer could not come back and accuse
the receiver of forging the document.

An example symmetric scheme could be:

Alice encrypts a message using a symmetric key known to Bob (and Alice
only)
Alice hashes the encrypted message
Alice encrypts the (encrypted) message and hash using a symmetric key
known to Jim but unknown to Bob Bob receives the hashed and encrypted
message.

If Bob alters the message - the hash will not work. Alice can not lie
as Jim has a copy.
Key management is a bugger, but still possible (though unlikely)

ANSI X9.17 Notarised Symmetric Keys may be used to sign.

Regards
Craig S Wright

PS There are also hybrid ciphers for signing which are based on a
combination of all the above - but this for another post


-----Original Message-----
From: David Gillett [mailto:gillettdavid@xxxxxxxx]
Sent: 22 March 2006 6:21
To: shyaam@xxxxxxxxx; security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Signing before Encryption and Signing after Encryption

Signing requires a private key -- therefore, it *must* be Asymmetric.
Asymmetric is typically much slower than Symmetric, so you get things
like SSL that use Asymmetric to protect the exchange of the Symmetric
key used for actual payload encryption.

Signing after encryption allows the signature to be verified
before/without decrypting the payload. There are a variety of
circumstances in which that could be useful, which are blocked if the
signing is done first. I can't think of any where the opposite is true.

David Gillett, CISSP


Liability limited by a scheme approved under Professional Standards
Legislation in respect of matters arising within those States and
Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is
confidential. If you are not the intended recipient, you must not use or
disclose the information. If you have received this email in error, please
inform us promptly by reply email or by telephoning +61 2 9286 5555. Please
delete the email and destroy any printed copy.

Any views expressed in this message are those of the individual sender.
You may not rely on this message as advice unless it has been electronically
signed by a Partner of BDO or it is subsequently confirmed by letter or fax
signed by a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its
attachments due to viruses, interference, interception, corruption or
unauthorised access.

----------------------------------------------------------------------
----- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The
Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity
Planning, Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------
-----



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich
University program offers unparalleled Infosec management education and the
case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Relevant Pages

  • Digital Signatures and signing the PDF dcouments
    ... Digital Signatures can be added to the PDF documents. ... Many Digital Signature solutions allow documents of PDF format to be ... Digital signing solution can also be used to encrypt the ... encryption into Business to Consumer applications in verticals ...
    (sci.crypt)
  • Re: Signing before Encryption and Signing after Encryption
    ... Signature = md5 ... David stated "Signing requires a private key". ... schemes that only require symmetric keys. ... Signing before Encryption and Signing after Encryption ...
    (Security-Basics)
  • Re: Signing before Encryption and Signing after Encryption
    ... The problem with signing after encryption is that it is possible to ... strip the signature off and claim a message as your own. ... Computer Emergency Response Teams, and Digital Investigations. ...
    (Security-Basics)
  • Re: About RSA implementation
    ... isn't this why we can sign with our private key, and the receiver can decrypt our signature with our public one? ... requirements for padding signatures are completely ... of signing as "encryption with the public key".. ...
    (sci.crypt)
  • Re: RSA breaking vs. factoring
    ... affects the two possible usages of RSA both for encryption (first public, ... then private key) and for signing ... are identical to encryption, in reverse order. ... Digital signature generation takes an input message (which may be quite ...
    (sci.crypt)