Re: Signatures and encryption headers



On Nov 5, 2:05 am, "John E. Hadstate" <jh113...@xxxxxxxxxxx> wrote:
"Fabrice" <fabrice.gaut...@xxxxxxxxx> wrote in message

news:e9fd21cc-4b03-4182-9073-a66c3b6440c9@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# Anyway, the sign-then-encrypt or
# encrypt-then-sign is definitely part
# of the problem.

# I think I would favor sign the plaintext.
# After all this is what I want to
# authenticate, not some random looking bits.

Encrypt, then sign the whole message, including the unencrypted
header.

But why? It seems that many application do it the other way around.

For example, we where talking about PGP earlier, and I dont see them
signing the session key for example.

Quoting RFC 2440 (end of section 2.1):
" Both digital signature and confidentiality services may be applied
to
the same message. First, a signature is generated for the message and
attached to the message. Then, the message plus signature is
encrypted using a symmetric session key. Finally, the session key is
encrypted using public-key encryption and prefixed to the encrypted
block."

They do encrypt the signature, but they do not sign the encryption
session key.


-- Fabrice




.



Relevant Pages

  • Re: Tightly stuffed crypto framing
    ... There are statements that using RSA directly to encrypt data is ... Signing only the plaintext thus would allow ... the attacker to decrypt the packages, ... retransmit them without breaking the signature. ...
    (sci.crypt)
  • Tightly stuffed crypto framing
    ... There are statements that using RSA directly to encrypt data is ... I also need to sign the plaintext _and_ ciphertext. ... retransmit them without breaking the signature. ... The nonce mainly serves the purpose that the short ...
    (sci.crypt)
  • Re: Encrypt data
    ... because the Java code you provided is NOT RSA encryption but it ... is RSA signature generation/verification code. ... 3DES key) to encrypt any amount of data. ...
    (microsoft.public.platformsdk.security)
  • Re: Encrypt data
    ... the signature ... bytes exactly for a 1024 bit RSA key). ... public key. ... 3DES key) to encrypt any amount of data. ...
    (microsoft.public.platformsdk.security)
  • Re: Encrypt data
    ... You don't 'decode' a signature. ... bytes exactly for a 1024 bit RSA key). ... public key. ... 3DES key) to encrypt any amount of data. ...
    (microsoft.public.platformsdk.security)