ietf-smime

RE: Ordering of encryption and signing of a S/MIME message

2002-10-21 04:53:50

Bernd:

In most situations, I recommend sign then encrypt. This provides signature on the plaintext.

There are application-environment reasons to deviate from this approach. However, one must take care. If one does encrypt then sign, the resulting structure is:
        ContentInfo
          SignedData
            EnvelopedData
              Content

An attacker can strip the SignedData encapsulation, making the recipient think that the originator sent an encrypted-only message. However, this construct is safe if the recipient will disregard any unsigned messages.

Russ

-----Original Message-----
From: Bernd Matthes [mailto:bernd(_dot_)matthes(_at_)gemplus(_dot_)com]
Sent: 17 October 2002 16:22
To: ietf smime
Cc: Matthias Genkel; Dr. Stephen Henson
Subject: Q: Ordering of encryption and signing of a S/MIME message


Hi to all!

My question is:
Is it useful to encrypt a message first and
then to sign the encrypted result,
for example so that the encapsulatedData of a pkcs7SignedData structure
is a pkcs7encrypted data structure?
I know, it's senseless... ;-) but I found nothing in the standards.
Is there any sensible reason against this procedure (I hope so)?

thanks in advance.

with kind regards
--
Bernd Matthes                   Gemplus mids GmbH --
Senior Software Engineer           formerly Celo Communications GmbH
Dipl.-Ing.(FH)                  R&D Center Germany
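
The recipient-side rule from the reply above (disregard any message that is not signed), as an added example that is not part of the original thread: it walks the ContentInfo / SignedData / EnvelopedData nesting in DER and accepts only when the outer layer is SignedData. The function names and the sample bytes are assumptions made for illustration; the samples are constructed placeholders with no real keys, ciphertext or signatures.

```python
OID = {"signedData": "2a864886f70d010702",     # 1.2.840.113549.1.7.2
       "envelopedData": "2a864886f70d010703"}  # 1.2.840.113549.1.7.3
NAME = {bytes.fromhex(h): n for n, h in OID.items()}

def tlv(tag, body):
    """Encode one DER element; short-form length is enough for the samples."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def read(buf, off, want):
    """Decode the element at off, check its tag, return (value, next_off)."""
    if off + 2 > len(buf) or buf[off] != want:
        raise ValueError("unexpected or missing DER element")
    ln, off = buf[off + 1], off + 2
    if ln & 0x80:                            # long-form length
        k = ln & 0x7F
        ln, off = int.from_bytes(buf[off:off + k], "big"), off + k
    if off + ln > len(buf):
        raise ValueError("truncated DER")
    return buf[off:off + ln], off + ln

def typed(seq_body):
    """Split {OID, [0] EXPLICIT content} into (type name, content bytes)."""
    oid, off = read(seq_body, 0, 0x06)
    content, _ = read(seq_body, off, 0xA0)
    return NAME.get(oid, "unknown"), content

def layers(der):
    """Content types from the outside in: ContentInfo, then encapContentInfo."""
    kind, content = typed(read(der, 0, 0x30)[0])
    found = [kind]
    if kind == "signedData":
        sd, _ = read(content, 0, 0x30)       # SignedData
        _, off = read(sd, 0, 0x02)           # version
        _, off = read(sd, off, 0x31)         # digestAlgorithms
        encap, _ = read(sd, off, 0x30)       # encapContentInfo
        found.append(typed(encap)[0])
    return found

def accept(der):
    """Reject anything whose outer layer is not SignedData (verify it after)."""
    return layers(der)[0] == "signedData"

def content_info(kind, body):
    return tlv(0x30, tlv(0x06, bytes.fromhex(OID[kind])) + tlv(0xA0, body))

ENVELOPED = tlv(0x30, tlv(0x02, b"\x00"))    # constructed placeholder body
ENCRYPTED_ONLY = content_info("envelopedData", ENVELOPED)  # no signed wrapper
SIGNED = content_info("signedData", tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, b"")
    + content_info("envelopedData", tlv(0x04, ENVELOPED)) + tlv(0x31, b"")))
```

`accept` only enforces the structural rule; a message that passes still needs its signature and certificate chain verified by a real CMS implementation.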