[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: secure sign & encrypt
The interesting thing is that there is nothing STOPPING an application
from doing this today. OpenPGP messages like the following are
perfectly legal syntax, even in 2440:
ESK [...] Enc { PreSig ESK [...] Enc { Literal { Message } } PostSig }
Go ahead and implement this. I'm fairly sure that most of the OpenPGP
Parsers out there will Do The Right Thing with this (I'm 99% sure that
PGP 6.5.x will do this, since I wrote that original parser code).
-derek
"Dominikus Scherkl" <Dominikus.Scherkl@xxxxxxxxxxxxxxx> writes:
> Hi.
>
> > Well, I intended it to become an atomic function.
> Nice. And how? Common public key cryptography doesn't provide
> algorithms to sign an encrypt in a single, undividable step.
>
> I see no other way than "encrypt, sign and encrypt" (ESE)
> to archive all cyptografic goals which seems inportant to me:
>
> Two goals require ES:
> - to ensure that the reciever cannot forward a message
> without destroying the signature or reveiling that it was
> originaly send to him for his eyes only we must sign after
> encryption.
> - to convince the receiver he was the original target we
> also need to first encryt and than sign.
>
> two further goals require SE:
> - to ensure the signature is not used for another message
> we must first sign than encrypt (else especialy for RSA
> there exist a choosen key attack).
> - to hide that you are sending signed messages you also need
> to do encryption as the very last step.
>
> The easiest way to archive all four is ESE, an it is worth
> the time cost of two encryptions, I think.
>
> Best Regards.
>
> --
> Dominikus Scherkl
> dominikus.scherkl@xxxxxxxxxxxxxxx
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@xxxxxxx PGP key available