For security reasons, you should first sign your message and then encrypt it
with the recipient's public key. If you perform the the reverse operation
(encrypt then sign), then a threat agent may
intercept you message, skip your signature and sign "your encrypted" message.
So the recipient will hence receive a signed message from the threat agent and
no more from you.
e-Security Product Development Manager
Tel.: +32 2 202 79 02
Fax: +32 2 202 41 06
From: Bernd Matthes [mailto:bernd(_dot_)matthes(_at_)gemplus(_dot_)com]
Sent: 17 October 2002 16:22
To: ietf smime
Cc: Matthias Genkel; Dr. Stephen Henson
Subject: Q: Ordering of encryption and signing of a S/MIME message
Hi to all!
My Question is:
Is it useful a message as first to encrypt and
then to sign the encrypted result,
in example the encapsulatedData of a pkcs7SignedData structure
is a pkcs7encrypted data structure?
I know, it's senseless... ;-) but i found nothing in the standards.
Is there any sensible reason against this procedure(i hope so)?
thanks in advance.
with kind regards
Bernd Matthes Gemplus mids GmbH --
Senior Software Engineer formerly Celo Communications GmbH
Dipl.-Ing.(FH) R&D Center Germany
"Complexity breeds bugs. Bugs prevent adoption, lack of" \
"adoption results in death. Death not good." "Life sucks."
**** DISCLAIMER ****
"This e-mail and any attachments thereto may contain information
which is confidential and/or protected by intellectual property
rights and are intended for the sole use of the recipient(s) named above.
Any use of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any form)
by persons other than the designated recipient(s) is prohibited.
If you have received this e-mail in error, please notify the sender either
by telephone or by e-mail and delete the material from any computer.
Thank you for your cooperation."