2

I have a question about the message that is being encrypted and signed. Say, two users called Tom and Mary, both have a pair of private key and public key. Tom sends a message through a system that will encrypt and sign the message. 2 kinds of message will be sent 1. encrypted message and, 2. hash function of the message, public key of Tom and Mary, secret Key (which is chosen by Tom)

I would like to ask after Mary got the message, she could recover the message by the public key of tom. but how could she recover the hash function so that she could make sure this 2 kinds of message are signed by Tom?

Thanks!

Lavender
  • 21
  • 1

1 Answers1

2

There is some confusion in your question, because a signature in a public key cryptosystem is (usually) not just a hash, but a hash of the message that is signed using the private key. E.g. in RSA it would be a hash value padded and raised to the private exponent.

There are two ways to have an authenticated encryption in a public key system: Should we sign-then-encrypt, or encrypt-then-sign? In encrypt-then-sign, the receiver can verify the signature just as if they had received a signed plaintext message. In sign-then-encrypt they would first have to decrypt the message, but then they have just a signed plaintext.

In either case the message hash can be calculated by anyone since it does not include keys. The keys only come into play when verifying that the signature was taken over the hash, and there the public key is enough.

For low level details of how it works in the case of RSA you can refer to PKCS #1.

Community
  • 1
otus
  • 32,132
  • 5
  • 70
  • 165