Super-Encryption
Ben Laurie
ben at algroup.co.uk
Tue Dec 16 13:44:59 EST 2003
mlong at bridgetonconsulting.com wrote:
> Quoting Ben Laurie <ben at algroup.co.uk>:
>
>
>>I don't see any value added by cipher1 - what's the point?
>
>
> The message is encrypted, i.e, cipher1, then cipher1 is encrypted yeilding
> cipher2.
>
> Since symmetric_key1 of cipher1 is RSA_Encrypt(sender's private key), access
> to sender's public key can decrypt cipher1(must be *this* sender).
>
> Since symmetric_key2 of cipher2 is RSA_Encrypt(receiver's public key), only
> the receiver can decrypt cipher2.
>
> As was pointed out to me, the process of decrypting cipher2, yields an
> encrypted message, i.e., cipher1, that can forwarded on behalf of the original
> sender. This is not necessarily undesirable. However, SHA1(message) is to
> ensure that cipher1 has not be altered in transport. Therefore, the receiver
> knows three items.
> (1) The sender who originated the message.
> (2) The receiver is the intended receiver.
> (3) The message was not altered during transport.
Yes, but you could know all this from cipher2 and RSA of SHA1(message),
so I still don't see what value is added by cipher1.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list