Public key encrypt-then-sign or sign-then-encrypt?
Nicolas Williams
Nicolas.Williams at sun.com
Wed Apr 25 18:28:08 EDT 2007
On Wed, Apr 25, 2007 at 03:24:06PM -0300, Mads Rasmussen wrote:
> Jee Hea An, Yevgeniy Dodis and Tal Rabin claims that the order doesn't
> matter [2]. Encrypt-then-sign or sign-then-encrypt is equally secure.
> Is this really true? My feeling was that the principle from Krawczyk's
> paper should apply to the public key setting as well.
Instinctively sign-then-encrypt offers privacy protection: only the
intended receipient can verify the signature.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list