
Let's say that Alice wants to send an encrypted message that only Bob can read, plus confirm that Alice is the person who wrote that message.

What is the procedure that will take place?

When I see a digital signature workflow, I always see that the message is transferred "clear" to the receiver (so Bob can hash the document on his side and compare it with the hash received by Alice), but the encrypted part (using Alice's private key) is always the hash.

What happens when we also want to encrypt the message to a specific person? Will there be a "second encryption" process, in which the message will be encrypted by Bob's public key?

Just an example to confirm:

  • Alice produces a digital signature: creates a hash of the document + encrypts it using her private key.

  • Alice encrypts the message itself: takes the document and encrypts it using Bob's public key (so only he can decrypt it, using his private key). (I guess that if the document is big it can take a long time to finish the process, right?)

schroeder
  • Is time a big concern here, or can we omit that part? – schroeder Mar 25 '19 at 15:55
  • Small note: that's not exactly how digital signatures work. It's a common understanding, but it is not accurate. – schroeder Mar 25 '19 at 15:55
  • Hello Schroeder. Can you share a link or post where it is explained how digital signatures exactly work? – D. Rock Mar 25 '19 at 15:57
  • This tries to explain the difference: https://security.stackexchange.com/questions/68822/trying-to-understand-rsa-and-its-terminology/68836#68836 – schroeder Mar 25 '19 at 16:02
  • Is not my summary of digital signature basically what is explained in your post? "takes as inputs a message (a sequence of bytes, usually not limited in length) and a private key + [...]For signatures, the message that is to be signed is first hashed with a suitable hash function". – D. Rock Mar 25 '19 at 16:11
  • Basically, my point is what happens when you want to encrypt a message for a specific receiver + you want to sign it. Is there a specific order that is followed, or will it be just two separate procedures running at the same time? – D. Rock Mar 25 '19 at 16:13
  • The differences are that the "private key" is a special key used for signing (not encryption), it is not always necessary to hash the message, and if hashed, the hash is not encrypted with the signing key but rather the hash is used as an exponent. You do not simply hash the message and then encrypt the hash. – schroeder Mar 25 '19 at 16:31
  • I get what you are asking, I'm just saying that as a small note, your description of that one point is not accurate (you could simply remove that part and the question could survive). – schroeder Mar 25 '19 at 16:32

1 Answer

There's nothing that prevents you from either signing an encrypted message or encrypting a signed message. The latter is the way encrypted email works, see S/MIME with its CMS message format, or OpenPGP. The former is less common, but sometimes seen, for example in the specification of SCEP secure message objects.

A detailed discussion about the merits of these approaches and more can be found here.

wallenborn
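The sign-then-encrypt order that the answer above attributes to S/MIME and CMS, worked through with the `openssl cms` command as an added example (not part of the original answer). The identities, file names and message are constructed for the demo, and the helper name `cms_roundtrip` is hypothetical.

```shell
#!/bin/sh
# Added example: sign-then-encrypt with CMS via the openssl CLI.
# All keys, certificates and the message are constructed for this demo.

# cms_roundtrip [trust_anchor]
#   Prints the verified plaintext; returns non-zero if any step fails.
cms_roundtrip() {
  anchor=${1:-alice}          # whose certificate Bob trusts as the signer
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    # Throwaway self-signed identities: Alice (signer) and Bob (recipient).
    for who in alice bob; do
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$who" \
        -keyout "$who.key" -out "$who.crt" 2>/dev/null || exit 1
    done
    printf 'Meet at noon.\n' > msg.txt

    # 1. Alice signs with her private key. -nodetach embeds the message
    #    inside the SignedData structure so it travels with the signature.
    openssl cms -sign -binary -nodetach -in msg.txt \
      -signer alice.crt -inkey alice.key -outform DER -out signed.der || exit 1

    # 2. Alice encrypts the whole signed blob to Bob's certificate.
    #    CMS encrypts the content with a fresh AES key and wraps only that
    #    key with Bob's public key, so message size is not an RSA problem.
    openssl cms -encrypt -binary -aes-256-cbc -in signed.der \
      -outform DER -out enveloped.der bob.crt || exit 1

    # 3. Bob decrypts with his private key and gets the SignedData back.
    openssl cms -decrypt -inform DER -in enveloped.der \
      -recip bob.crt -inkey bob.key -out recovered.der || exit 1

    # 4. Bob verifies the signature against the certificate he trusts.
    openssl cms -verify -binary -inform DER -in recovered.der \
      -CAfile "$anchor.crt" -out verified.txt 2>/dev/null || exit 1
    cat verified.txt
  )
  rc=$?
  rm -rf "$d"
  return $rc
}
```

Calling `cms_roundtrip` prints the message only after both decryption and signature verification succeed; `cms_roundtrip bob` fails at step 4 because Alice's certificate is not the trust anchor.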