RE: Signing before Encryption and Signing after Encryption

---

• From: "David Gillett" <gillettdavid@xxxxxxxx>
• Date: Wed, 22 Mar 2006 13:23:50 -0800

---

Does non-repudiation require anything more than assurance that the
private key (a) MUST have been used, and (b) HASN'T been compromised?
Are you just alluding to the measures which support those assertions,
or to some additional requirement(s) that escapes me?

[If your private key isn't really private, all bets are off.]

David Gillett

-----Original Message-----
From: Craig Wright [mailto:cwright@xxxxxxxxxxxxx]
Sent: Wednesday, March 22, 2006 12:56 PM
To: gillettdavid@xxxxxxxx; shyaam@xxxxxxxxx;
security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Signing before Encryption and Signing after Encryption


True, but the argument was not one as to which is the better method.
There are several secure hashing algorithms.


Further there is more to verification to source than just
asymmetric keys. Non-repudiation is a complex field in itself
and requires a entire range of associated infrastructure.

Regards
Craig

-----Original Message-----
From: David Gillett [mailto:gillettdavid@xxxxxxxx]

Sent: 23 March 2006 4:32
To: Craig Wright; shyaam@xxxxxxxxx; security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Signing before Encryption and Signing after Encryption

The property that a hash match is supposed to verify (is
this copy the same as the original) is not quite the same as
the property that a signature verifies (did this document
come from that source). There
*are* many applications where one is an acceptable
alternative to the other.

However, there have been numerous news items in the last 18
months about the feasibility of engineering hash collisions
with several popular algorithms; hashing must be assumed to
provide weaker verification of its property than might have
been previously assumed.
(For now, I've recommended that folks using tools that don't yet do
SHA-256 or better should use *both* MD5 and SHA-1 -- I don't
think anyone has yet described an engineered collision that
works with both.)


Engineering hash collisions is apparently easier than
compromising a properly-secured private key used in a good
asymmetric algorithm.

David Gillett

-----Original Message-----
From: Craig Wright [mailto:cwright@xxxxxxxxxxxxx]
Sent: Tuesday, March 21, 2006 8:03 PM
To: gillettdavid@xxxxxxxx; shyaam@xxxxxxxxx;

security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Signing before Encryption and Signing after Encryption

Hello,
Just to be difficult....

David stated "Signing requires a private key". This is

correct through

feasibility, but it is not technically correct as there are

signature

schemes that only require symmetric keys. Signing with

symmetric keys

is a lot more complex and thus more prone to error and has

a range of

key management issues. This does not mean that it is not possible.

In fact there are scheme to sign a message using only Hashing

algorithms. The simplest of these is to hash the document and keep a

list of document hashes (similar to software). A user could

check the

list to see if the message was valid or if tampering had occurred. A

third party could keep the hash tables to ensure that the

lists where

accurate.

So signing does not require a private key - it just makes it easier.
Next it also depends on non-repudiation/repudiation issues.

It is easy to sign a document and have a verification that it is

unaltered but with no proof that the original signer could not come

back and accuse the receiver of forging the document.

An example symmetric scheme could be:

Alice encrypts a message using a symmetric key known to Bob

(and Alice

only)
Alice hashes the encrypted message

Alice encrypts the (encrypted) message and hash using a

symmetric key

known to Jim but unknown to Bob Bob receives the hashed and

encrypted

message.

If Bob alters the message - the hash will not work. Alice

can not lie

as Jim has a copy.
Key management is a bugger, but still possible (though unlikely)

ANSI X9.17 Notarised Symmetric Keys may be used to sign.

Regards
Craig S Wright

PS There are also hybrid ciphers for signing which are based on a

combination of all the above - but this for another post

-----Original Message-----
From: David Gillett [mailto:gillettdavid@xxxxxxxx]

Sent: 22 March 2006 6:21
To: shyaam@xxxxxxxxx; security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Signing before Encryption and Signing after Encryption

Signing requires a private key -- therefore, it *must* be

Asymmetric.
Asymmetric is typically much slower than Symmetric, so you

get things

like SSL that use Asymmetric to protect the exchange of the

Symmetric

key used for actual payload encryption.

Signing after encryption allows the signature to be verified

before/without decrypting the payload. There are a variety of

circumstances in which that could be useful, which are

blocked if the

signing is done first. I can't think of any where the opposite is

true.

David Gillett, CISSP

Liability limited by a scheme approved under Professional Standards

Legislation in respect of matters arising within those States and

Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is

confidential. If you are not the intended recipient, you

must not use

or disclose the information. If you have received this

email in error,

please inform us promptly by reply email or by telephoning

+61 2 9286

5555. Please delete the email and destroy any printed copy.

Any views expressed in this message are those of the individual

sender. You may not rely on this message as advice unless

it has been

electronically signed by a Partner of BDO or it is subsequently

confirmed by letter or fax signed by a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its

attachments due to viruses, interference, interception,

corruption or

unauthorised access.

--------------------------------------------------------------
----------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec
management education and the case study affords you unmatched
consulting experience.

Tailor your education to your own professional goals with
degree customizations including Emergency Management,
Business Continuity Planning, Computer Emergency Response
Teams, and Digital Investigations.


http://www.msia.norwich.edu/secfocus
--------------------------------------------------------------
----------
---


Liability limited by a scheme approved under Professional
Standards Legislation in respect of matters arising within
those States and Territories of Australia where such
legislation exists.

DISCLAIMER
The information contained in this email and any attachments
is confidential. If you are not the intended recipient, you
must not use or disclose the information. If you have
received this email in error, please inform us promptly by
reply email or by telephoning +61 2 9286 5555. Please delete
the email and destroy any printed copy.


Any views expressed in this message are those of the
individual sender. You may not rely on this message as advice
unless it has been electronically signed by a Partner of BDO
or it is subsequently confirmed by letter or fax signed by a
Partner of BDO.

BDO accepts no liability for any damage caused by this email
or its attachments due to viruses, interference,
interception, corruption or unauthorised access.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

---

• References:
  • RE: Signing before Encryption and Signing after Encryption
    • From: Craig Wright

• Prev by Date: RE: Signing before Encryption and Signing after Encryption
• Next by Date: FTP hack of two web sites
• Previous by thread: RE: Signing before Encryption and Signing after Encryption
• Next by thread: RE: Signing before Encryption and Signing after Encryption
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Signing before Encryption and Signing after Encryption ... If both asymmetric keys are used, the private key needs to be ... This only works if the encryption is NOT transitive, ... If the signing is done over the whole message and not just the ... hash of the message with your private key. ... (Security-Basics) RE: Signing before Encryption and Signing after Encryption ... the private key to the entity it is supposed to represent. ... Signing before Encryption and Signing after Encryption ... can get a verisign certificate calling myself Bill Gates. ... (Security-Basics) Re: Signing before Encryption and Signing after Encryption ... Encrypting with a private key is equivalent to signing it (and is ... IFF you do the encryption with Asymmetric keys, Alice can encrypt ... (Security-Basics) Re: X509 Certificate Help ... or Personal store? ... I work with Signing ... >Encryption of SOAP Message using same Key's and at same location. ... >Error is Private Key not available. ... (microsoft.public.dotnet.framework.webservices.enhancements) Re: RSA breaking vs. factoring ... affects the two possible usages of RSA both for encryption (first public, ... then private key) and for signing ... are identical to encryption, in reverse order. ... Digital signature generation takes an input message (which may be quite ... (sci.crypt)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)