Bernd:
In most situations, I recommend sign then encrypt. This provides signature
on the plaintext.
There are application-environment reasons to deviation from this
approach. However, one must take care. If one does encrypt then sign, the
resulting structure is:
ContentInfo
SignedData
EnvelopedData
Content
An attacker can strip the SignedData encapsulation, making the recipient
think that the originator sent an encrypted-only message. However, this
construct is safe if the recipient will disregard any unsigned messages.
Russ
-----Original Message-----
From: Bernd Matthes [mailto:bernd(_dot_)matthes(_at_)gemplus(_dot_)com]
Sent: 17 October 2002 16:22
To: ietf smime
Cc: Matthias Genkel; Dr. Stephen Henson
Subject: Q: Ordering of encryption and signing of a S/MIME message
Hi to all!
My Question is:
Is it useful a message as first to encrypt and
then to sign the encrypted result,
in example the encapsulatedData of a pkcs7SignedData structure
is a pkcs7encrypted data structure?
I know, it's senseless... ;-) but i found nothing in the standards.
Is there any sensible reason against this procedure(i hope so)?
thanks in advance.
with kind regards
--
Bernd Matthes Gemplus mids GmbH --
Senior Software Engineer formerly Celo Communications GmbH
Dipl.-Ing.(FH) R&D Center Germany