Stefan,
You seem to have the signature and encryption elements of S/MIME confused.
Let's take signatures first.
The SHA algorithm converts a given message to a unique 160-bit number (the
hash). The problem is that anybody can generate this hash from a given
message. So, an attacker could change the message, generate the new hash value
and substitute it for the one that the originator stated. It is for this
reason that SHA alone cannot provide a signature.
The DSA algorithm takes the result of the SHA process and effectively encrypts
the hash using the originator's private signature key. The encrypted hash (160
bits - known as S) is then sent to the recipient along with an integrity check
number (160 bits - known as R). The recipient recalculates the hash using SHA
and then decrypts S using the hash value that he has computed along with the
originator's public key (stored in his X.509 certificate) and produces a value
V. If V == R then the signature is valid, otherwise it is not. There is a
random element to this, but I didn't want to cloud the explanation.
As you can see, to provide an integrity and proof of origin service, both DSA and
SHA need to be applied.
Now, let's take confidentiality....
First a random message encryption key (MEK) is generated, and the message is
encrypted using this key and your chosen algorithm - say 3DES.
A Diffie-Hellman exchange is then used to generate a shared secret key between
the originator and the recipient - call this the Key Encryption Key or KEK.
The random message encryption key (MEK) is then encrypted using the KEK, and
the result stored in a token. This is repeated for each recipient.
The encrypted message, and all of the per-recipient tokens are then sent to all
recipients. The recipient will identify their token, perform a Diffie-Hellman
exchange to calculate the shared secret key (KEK), and use it to decrypt the
random message encryption key (MEK). Once the MEK has been obtained, the
message may be decrypted.
As you can see the message is only encrypted once regardless of the number of
recipients.
In summary, DSA/SHA are used for the authentication/signature service, and
D-H/3DES for the confidentiality/encryption service. The two do not mix in any
way.
Hope this helps,
Darren
-------------------------------------------------------------
Darren Harter BSc Hons MBCS CEng
CASM Technical Architect
CASM Programme Office
CESG
Work: dharter(_at_)cesg(_dot_)gov(_dot_)uk
Home: Darren(_dot_)Harter(_at_)bcs(_dot_)org(_dot_)uk
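
The per-recipient token scheme described in the message above (one random MEK, one D-H derived KEK per recipient), as an added sketch that is not part of the original e-mail and not S/MIME's wire format. Assumptions: the D-H group is a toy constructed for illustration, an HMAC-SHA256 keystream stands in for 3DES because the Python standard library has no block cipher, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration only: P is the
# Mersenne prime 2**127 - 1, far too small for real use.
P = 2**127 - 1
G = 5

def dh_keypair():
    """Return (private, public) for one party."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def derive_kek(own_priv, peer_pub):
    """Both sides compute the same shared secret and hash it into a KEK."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def keystream_xor(key, nonce, data):
    """Stand-in cipher (not 3DES): XOR with an HMAC-SHA256 counter keystream.
    Applying it twice with the same key and nonce restores the input.
    It gives confidentiality only; there is no integrity check on the output."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def envelope(plaintext, originator_priv, recipient_pubs):
    """Encrypt the message once under a random MEK, then wrap the MEK per recipient."""
    mek = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    body = keystream_xor(mek, nonce, plaintext)      # done once, however many recipients
    tokens = {}
    for name, pub in recipient_pubs.items():
        kek = derive_kek(originator_priv, pub)       # pairwise KEK
        tokens[name] = keystream_xor(kek, nonce, mek)
    return {"nonce": nonce, "body": body, "tokens": tokens}

def open_envelope(env, name, recipient_priv, originator_pub):
    """Recipient side: find own token, recompute the KEK, unwrap the MEK, decrypt."""
    kek = derive_kek(recipient_priv, originator_pub)
    mek = keystream_xor(kek, env["nonce"], env["tokens"][name])
    return keystream_xor(mek, env["nonce"], env["body"])
```

A recipient who tries another recipient's token derives a different KEK, recovers the wrong MEK, and gets unreadable output rather than the message.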