[Cryptography] Sign then encrypt, then sign again...

jrzx jrzx at protonmail.ch
Mon May 1 02:51:35 EDT 2023


On Sunday, January 29th, 2023 at 2:55 PM, Phillip Hallam-Baker <phill at hallambaker.com> wrote:


> One of the topics that keeps coming up is whether to sign the data first then encrypt or encrypt the data and then sign.


In the general case, one should do neither. The message should be encrypted with a short-term symmetric secret established by single-use public keys, and contain or imply the author's durable secret key, and the rest of the message encrypted by a symmetric secret established by short-term secret key(s) and the author's durable key, proving to the recipient that it was generated by the possessor of that secret key, but not enabling him to prove it to anyone else.
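One reading of the scheme described above, as an added example that is not part of the original post: a header key comes from the single-use keys alone, and a body key also mixes in a Diffie-Hellman value from the author's durable key. The choice of X25519, SHA-256 as the KDF, an HMAC tag standing in for authenticated encryption of the body, and all function names are assumptions of this sketch.

```python
import hashlib, hmac, os

P, A24, BASE = 2**255 - 19, 121665, (9).to_bytes(32, "little")

def x25519(k, u):
    """RFC 7748 X25519 ladder (educational, not constant-time)."""
    s = bytearray(k); s[0] &= 248; s[31] = (s[31] & 127) | 64   # clamp scalar
    n = int.from_bytes(s, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def kdf(label, *shared):
    return hashlib.sha256(label + b"".join(shared)).digest()

def sender_keys(e_priv, a_priv, r_pub):
    """Author side: ephemeral e, durable a, recipient's single-use public R."""
    once = x25519(e_priv, r_pub)
    return kdf(b"hdr", once), kdf(b"body", once, x25519(a_priv, r_pub))

def recipient_keys(r_priv, e_pub, a_pub):
    """Recipient side: the same two secrets from r and the public E, A."""
    once = x25519(r_priv, e_pub)
    return kdf(b"hdr", once), kdf(b"body", once, x25519(r_priv, a_pub))

def tag(k_body, text):
    return hmac.new(k_body, text, hashlib.sha256).digest()

def demo():
    e, a, r = (os.urandom(32) for _ in range(3))
    E, A, R = (x25519(x, BASE) for x in (e, a, r))
    _, k_s = sender_keys(e, a, R)
    _, k_r = recipient_keys(r, E, A)
    body = b"constructed sample message"
    accepted = hmac.compare_digest(tag(k_s, body), tag(k_r, body))
    # The recipient can tag any text with the same key, so the tag convinces
    # him but is worthless as proof of authorship to a third party.
    return accepted, tag(k_r, b"never sent") == tag(k_s, b"never sent")
```

In a full message the header key would encrypt the part that carries the author's durable public key and the body key would drive an AEAD over the rest; both are left out here to keep the key agreement visible.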