[Cryptography] Attaching the signing public key to data being signed
Ron Garret
ron at flownet.com
Tue Feb 28 15:50:56 EST 2017
One of the things you have to decide when designing a signature protocol is exactly what is to be signed. Simply signing a raw document is a bad idea because that leaves you vulnerable to chimera/Dali attacks (https://pdfs.semanticscholar.org/7a3a/8a1342d40e0585342fd36f938d01c82b75c7.pdf). At the very least you need to integrate the mime-type (or something equivalent) and maybe even the file name into the data being signed.
My question is: would it help to also integrate the public key being used to produce the signature into the data being signed? Are there any attacks that this would help prevent? Has this construction been studied? Can anyone point me to a paper?
Thanks,
rg
More information about the cryptography
mailing list