Should I encrypt the signature?

Developer https://www.devze.com 2023-03-17 05:56 Source: web
I know, according to this article that I should Sign the message, then Encrypt the message.

My program operates like so:

  • Get the bytes of the message
  • Digitally sign the message, and store the signature in a separate byte array
  • Encrypt the message
  • Send the signature, then the encrypted message in a packet

Should I do it like so?

  • Get the bytes of the message
  • Digitally sign the message, and concatenate it with the bytes of the message
  • Encrypt the array containing the message and signature
  • Send the encrypted data

Appreciate the assistance


Digitally sign the message, and concatenate it with the bytes of the message.

You need to know where one ends and the other starts, but sure. Some APIs just take a key and a message and produce an output of bytes, and then instead of having a separate verify (data)->boolean step, they take a single bunch of bytes and either return the verified message or fail.

So yes, you can send

encrypt(
    concat(
        sign(message, signerPrivateKey), message),
    encryptionKey)

To get a verified message, the receiver has to have received two keys ahead of time: the signer's public key and the decrypt key, which is the same as the encryptionKey for symmetric crypto and which must be a guarded secret.

If you want to use asymmetric crypto so you only need to exchange public keys, and your message is not always shorter than a key, typically you generate a one-time use symmetric key and only encrypt that asymmetrically since asymmetric algos are typically more expensive than symmetric ones.

oneTimeUseSymmetricCryptoKey := generateKey()
concat(
    // wrap the one-time key so that only the recipient can recover it
    encryptAsymmetric(
        oneTimeUseSymmetricCryptoKey,
        recipientPublicKey),
    // sign-then-encrypt the message body under the one-time key
    encryptSymmetric(
        concat(sign(message, signerPrivateKey), message),
        oneTimeUseSymmetricCryptoKey))

None of this, though, prevents the message forwarding attack described in the link above. To do that, you need to authenticate the sender, e.g. by choosing a public key to verify the signature AND a key to decrypt based on a sender address which is arrived at independently from the exchange of encrypted bytes.

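The sign, concatenate, encrypt layout from the first snippet and the receiver-side choice of verification key, as an added Go example (not code from the question or the answer). It assumes a pre-shared AES-256 key, Ed25519 signatures, and a hypothetical `known` map from sender address to public key standing in for the independently obtained sender identity.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Assumed wire format: nonce || AES-GCM(key, signature || message); Ed25519 signatures are a fixed 64 bytes, so no length field is needed to split them.
func NewGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealSigned signs the message, prepends the signature, then encrypts both.
func SealSigned(signer ed25519.PrivateKey, aead cipher.AEAD, message []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	signed := append(ed25519.Sign(signer, message), message...)
	return aead.Seal(nonce, nonce, signed, nil), nil
}

// OpenSigned decrypts, then verifies with the key the receiver already holds for the claimed sender.
// Picking that key from the sender address, never from the packet, is what defeats forwarding someone else's signed message.
func OpenSigned(known map[string]ed25519.PublicKey, sender string, aead cipher.AEAD, packet []byte) ([]byte, error) {
	verifyKey, ok := known[sender]
	if !ok {
		return nil, errors.New("unknown sender")
	}
	ns := aead.NonceSize()
	if len(packet) < ns {
		return nil, errors.New("packet too short")
	}
	plain, err := aead.Open(nil, packet[:ns], packet[ns:], nil)
	if err != nil {
		return nil, err
	}
	const n = ed25519.SignatureSize
	if len(plain) < n || !ed25519.Verify(verifyKey, plain[n:], plain[:n]) {
		return nil, errors.New("signature does not match claimed sender")
	}
	return plain[n:], nil
}
```

A packet sealed by one sender fails to open when the receiver looks it up under any other sender's address, which is the forwarding case the answer warns about.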
