Re: Signing and encrypting software
- From: Noob <root@xxxxxxxxx>
- Date: Thu, 22 Sep 2011 13:58:44 +0200
Jeffrey Goldberg wrote:
> Noob wrote:
> > Consider a device which is supposed to run "trusted binaries",
> > id est "binaries which have been encrypted with AES-CBC, and
> > signed with RSASSA-PSS, as defined in PKCS#1 v2.1".
> > (The AES key is stored inside the device's chipset; the
> > public key is stored in read-only non-volatile memory.)
>
> What is the purpose of verifying the signature? If it is to ensure that
> only signed software runs, and so is checked every time the binary is
> loaded, then the unencrypted binary should be what is signed.

The "trusted code" is stored encrypted in non-volatile memory.
Every time the device boots, it verifies that the signature is
correct (i.e. that the code has not been modified, right?) and
then it copies the decrypted binary to RAM.

> If, however, it is really to verify a download or to check that only
> signed binaries are installed, I suppose you could go either way. But my
> (untrained) intuition (though I can't figure out why) is still to sign
> first.

My untrained intuition was that order wouldn't matter, which
is why I came here to ask ^_^

Regards.
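The boot-time check the two messages above discuss, written out as an added example (not code from this thread or from any product it describes): the device side in Go, using only the standard library's AES-CBC and RSASSA-PSS, with the two orderings side by side. Assumptions not stated in the thread: SHA-256 as the PSS hash, a 16-byte AES key, a build tool that has already padded the binary to whole AES blocks, and a SigOverPlain flag recording which ordering that tool used (its half of the job is to encrypt and then sign whichever bytes the ordering covers).

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Image is what the device keeps in non-volatile memory: IV||AES-CBC(binary) and an
// RSASSA-PSS signature over the plaintext (sign-then-encrypt) or the ciphertext (encrypt-then-sign).
type Image struct {
	Ciphertext, Signature []byte
	SigOverPlain          bool
}

var entropy = rand.Reader // crypto/rand; shared with the build tool's key generation and PSS salting (constructed)
func sha(m []byte) []byte { h := sha256.Sum256(m); return h[:] }

// decrypt undoes AES-CBC; the build tool is assumed to have padded the binary to whole blocks (constructed assumption).
func decrypt(key, ct []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil || len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("bad key or ciphertext length")
	}
	out := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCBCDecrypter(blk, ct[:aes.BlockSize]).CryptBlocks(out, ct[aes.BlockSize:])
	return out, nil
}

// Boot is the check the device runs before copying code to RAM. Encrypt-then-sign rejects a
// tampered image before the AES key is used at all; sign-then-encrypt has to decrypt
// unauthenticated bytes first, but its signature is bound to the code that actually runs.
func Boot(pub *rsa.PublicKey, aesKey []byte, img Image) ([]byte, error) {
	ok := func(m []byte) bool { return rsa.VerifyPSS(pub, crypto.SHA256, sha(m), img.Signature, nil) == nil }
	if !img.SigOverPlain && !ok(img.Ciphertext) {
		return nil, errors.New("signature over ciphertext failed; not decrypting")
	}
	plain, err := decrypt(aesKey, img.Ciphertext)
	if err != nil {
		return nil, err
	}
	if img.SigOverPlain && !ok(plain) {
		return nil, errors.New("signature over plaintext failed")
	}
	return plain, nil
}
```

Either ordering rejects a modified image; the difference is whether the device has to run the AES key over unauthenticated bytes before it finds out.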