How about, when using public key cryptography, one encrypts, signs, and encrypts again?

Asked May 30 '21 at 19:56

Active May 30 '21 at 20:06

Viewed 31 times

I suppose one reason for prepending the name would be that a malicious Bob could pose as Alice by encrypting the exact same message + Alice's signature using Charlie's public key, and trick Charlie into believing that Alice sent him the message.

is a comment on an answer to the question Should we sign-then-encrypt, or encrypt-then-sign?. It is very interesting. I had not thought of that attack.

I wonder if instead of prepending the name, one could encrypt the message, then generate and append the signature, and then encrypt everything with the same key and send the result. Sometimes it might be convenient not to prepend the name.

edited May 30 '21 at 20:06

asked May 30 '21 at 19:56

Security Every Day

Why do you need double encryption? When it is not appropriate to add the signer's name? is it secret? – kelalaka May 30 '21 at 20:06
@kelalaka I'm not sure when you might want to not add the name, but it seems likely that someone sometime would not want to. Or what if the sender had forgotten the name? – Security Every Day May 30 '21 at 20:10
are you talking about anonymous signatures? – kelalaka May 30 '21 at 20:12
@kelalaka What are they? – Security Every Day May 30 '21 at 23:59

How about, when using public key cryptography, one encrypts, signs, and encrypts again?

0 Answers0