Signatures and encryption headers



Hi,

Let say I have a payload of data I want to encrypt and sign.

The system support various formats for encryption, such as different
cipher, chaining mode, usage of session key etc...

So I create an encryption header that basically include:
- The payload size
- Which cipher and chaining mode are used.
- An encrypted session key
- An IV
- A key index that indicate the recipient which key to uses to decrypt
- Some parameters used to derive the real key used
- etc...

So the clear payload is signed, then its encrypted.
The encryption header, payload and signatures are sent to the
recipient.

Now the question is: should this header be signed too ? Or is it
unnecessary ?

I say its unnecessary as long as the recipient validate properly the
parameters. Whatever an attacker might change in the encryption
header, will change the decrypted payload and will cause the signature
check to fail.

Other people might say that the recipient should not do any
computation with any data that has not been signed. That it might be
possible to exploit the header to cause a fault in the recipient that
might cause him to do something bad...

Whats your take on this ? Should the encryption header be signed or
not ?


Thanks


.



Relevant Pages

  • Re: Signatures and encryption headers
    ... Let say I have a payload of data I want to encrypt and sign. ... The system support various formats for encryption, ... A key index that indicate the recipient which key to uses to decrypt ... The encryption header, payload and signatures are sent to the ...
    (sci.crypt)
  • Re: Signatures and encryption headers
    ... you don't need to sign header values, ... and payload signature check will fail. ... on the level after decryption, you do not worry about this. ... The encryption header only includes the information required ...
    (sci.crypt)
  • Re: Signatures and encryption headers
    ... payload and signatures are sent to the ... cryptographicattacks. ... finalize the hash and check the signature. ... But then this mean you would be using the encryption header before you ...
    (sci.crypt)
  • Re: Signatures and encryption headers
    ... There is no notion of time in the encryption header. ... to decrypt the payload. ... A key index that indicate the recipient which key to uses to decrypt ...
    (sci.crypt)
  • Re: Signatures and encryption headers
    ... Let say I have a payload of data I want to encrypt and sign. ... The system support various formats for encryption, ... Which cipher and chaining mode are used. ... A key index that indicate the recipient which key to uses to decrypt ...
    (sci.crypt)