[Cryptography] Does PGP use sign-then-encrypt or encrypt-then-sign?
ianG
iang at iang.org
Thu Jan 23 03:47:42 EST 2014
On 23/01/14 02:05 AM, Alexandre Anzala-Yamajako wrote:
> I think signing ciphertexts is generally a best practice, and
>
>> certainly not a "mortal sin".
>>
>
> In the public key world, signing ciphertexts not only reveals the identity
> of the sender but also allow relay attacks where a guy intercepts a signed
> message, strips it from his signature and replaces it with its own.
> Depending on the protocol it can be a problem.
> I think the encrypt-sign-encrypt solution solves both of those problems
Even better, the anon-MAC(encrypt(sign(content))) solution.
The problem is the hammer of digsigs; auth and auth and ID all look
like nails.
iang
More information about the cryptography
mailing list