Douglas Otis wrote:
The MSTATE header information provides two things. It tells you the
original length as well as a simple hash value of the header or data
section. Analysis could make simple guesses as to the original
information, and confirm this with the simple hash. Once the header or
message part has been restored or removed, the signature is rechecked.
This process only succeeds when the signature validates.
This (last sentence) is the essential piece that I was missing. Unless
the recipient is able to reconstruct a message that validates correctly,
all bets are off; nothing in the message can be used reliably. This
wasn't clear to me from your earlier description.
It seems like a lot of trial and error may be required, with
recalculation of the signature at each step. Correct?
-Jim