Re: Signing and encrypting software



"Noob" wrote in message news:j5cr87$9r$1@xxxxxxxxxxxxxxxx

Once the binary has been generated, should it be encrypted
and then signed? Or signed and then encrypted? Or something
else altogether?

The general method is to look at what is actually meant by the signature. Signing before encrypting makes the statement that the decrypted content is correct and accurate. Encrypting before signing makes the statement that the encrypted data is transferred correctly and that the encrypted data has remained unmodified since signing. Which statement is correct for your situation?

It's also worth repeating, if this is something with any amount of money involved, get a professional to at least review your work. The professional review will of course cost some time, but avoiding the massive number of potential errors is worth the money.
Joe
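
The two orderings described in the reply above, as an added example that is not part of the original post. It assumes stand-in primitives so it runs on the Python standard library alone: a Lamport one-time signature and a toy SHA-256 keystream cipher, with all function names hypothetical; a real build pipeline would use a vetted signature scheme and an authenticated cipher.

```python
import hashlib, hmac, secrets

SIG_LEN = 256 * 32  # Lamport signature: one 32-byte secret per digest bit

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    """Lamport one-time key pair (stand-in signature; one message per key)."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return b"".join(sk[i][b] for i, b in enumerate(_bits(msg)))

def verify(pk, msg, sig):
    if len(sig) != SIG_LEN:
        return False
    parts = [sig[i:i + 32] for i in range(0, SIG_LEN, 32)]
    return all(hmac.compare_digest(H(p), pk[i][b])
               for i, (p, b) in enumerate(zip(parts, _bits(msg))))

def crypt(key, data):
    """Toy SHA-256 counter keystream XOR (same call decrypts); stand-in cipher."""
    ks = b"".join(H(key + i.to_bytes(8, "big")) for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, ks))

def sign_then_encrypt(sk, key, binary):
    # Signature covers the plaintext binary and travels inside the ciphertext.
    return crypt(key, binary + sign(sk, binary))

def open_sign_then_encrypt(pk, key, blob):
    # Verification is only possible after decrypting with the right key.
    plain = crypt(key, blob)
    binary, sig = plain[:-SIG_LEN], plain[-SIG_LEN:]
    return binary if verify(pk, binary, sig) else None

def encrypt_then_sign(sk, key, binary):
    # Signature covers the ciphertext; it says nothing about what it decrypts to.
    ct = crypt(key, binary)
    return ct, sign(sk, ct)

def check_encrypt_then_sign(pk, ct, sig):
    # Anyone holding the public key can check this, with no decryption key.
    return verify(pk, ct, sig)
```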
