Has anyone thought about this:
If I am to produce a signature on a 100 MByte file (for example), unless I
produce the signature from the encrypted (and encoded?) file, the receiver
would have to decrypt the entire 100MByte file just to verify a signature
that may be invalid!
Would it be possible (to alleviate this situation), to:
1) Compress Plaintext
2) Encrypt Plaintext
3) Encode the file (if necessary)
4) Produce Signature
5) Encrypt Signature (using same session key as in 2?)
6) Encrypt session key using receiver's public key.
Detached signatures are mentioned in 10.3 from 2440 that may address this
situation, however there are no specific details on this methodology.
When the e-mail is received, the following would occur:
1) Decryption of session key (using private key)
2) Decryption of signature (using private key)
3) Run hashing algorithm and DSA over the encrypted/encoded data
4) Compare sigs and either discard or decrypt to the original plaintext.
This way, the receiver doesn't have to decrypt a 100 MByte file just to
verify a signature that may be invalid! I know you can use a single pass
signature to speed up the process of decryption etc, however you still have
to decrypt to the original plain-text and that seems to be a waste of time
if the sigs don't match.
If someone could advise on a solution they may have come across whereby you
do not have to decrypt/decode just to verify a signature, it would be much
appreciated.
TIA.
Regards
Erron Criddle
Comasp Ltd.
ACN: 089 468 682
Level 2, 45 Stirling Hwy
NEDLANDS WA 6009
Australia
Fax: +61 8 9386 9473
Tel: +61 8 9386 9534
Mob: +414/0414 800 888
ejc(_at_)comasp(_dot_)com
http://www.comasp.com