Re: secure sign & encrypt

[Derek Atkins <derek@xxxxxxxxx>]

"vedaal" <vedaal@xxxxxxxxxxx> writes:

> Wouldn't that cause a CRC error, indicating that the message was tampered
> with?
> Or could a new CRC be calculated and included in the new re-encrypted
> message?

Which CRC do you mean?  Do you mean the armor CRC?  That's re-created.
Internally, the signature and encryption are completely separable.  If
you sign a message (note: NOT clearsigning), you would get the same
internal structure as you get when you sign and encrypt a message.
The only difference is that in the latter, when you encrypt, you take
the output from the signature transform and encrypt it, rather than
sending it to a file (or to ascii armor).

> Also, could the MDC be utilized to prevent such substitutions, by detecting
> alterations of any of the packets?

No, because the MDC could be recreated as well.  The MDC is tied to K
but has no signature associated with it to tie it to the actual
sender.

> Thanks,
> 
> vedaal
> 
> {i don't know,  so am asking}

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@xxxxxxxxx             www.ihtfp.com