Security Basics mailing list archives

RE: Signing before Encryption and Signing after Encryption

From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 21 Mar 2006 11:20:38 -0800

  Signing requires a private key -- therefore, it *must* be
Asymmetric.  Asymmetric is typically much slower than Symmetric,
so you get things like SSL that use Asymmetric to protect the
exchange of the Symmetric key used for actual payload encryption.

  Signing after encryption allows the signature to be verified
before/without decrypting the payload.  There are a variety of
circumstances in which that could be useful, which are blocked
if the signing is done first.  I can't think of any where the
opposite is true.

David Gillett, CISSP

-----Original Message-----
From: shyaam () gmail com [mailto:shyaam () gmail com] 
Sent: Tuesday, March 21, 2006 9:28 AM
To: security-basics () securityfocus com
Subject: Signing before Encryption and Signing after Encryption

Hello All,
I was asked a question in an interview. I would like to know 
more about this. I am sorry if it is really basic question.

What are the tradeoffs between Signing before Encryption and 
Signing after Encryption? Please do let me know on either 
case when you use a Symmetric Key and an Asymmetric key. 

I am sure that this is a very basic question. I appologize again.

Kind Regards,
Shyaam

--------------------------------------------------------------
-------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE 
The Norwich University program offers unparalleled Infosec 
management education and the case study affords you unmatched 
consulting experience. 
Tailor your education to your own professional goals with 
degree customizations including Emergency Management, 
Business Continuity Planning, Computer Emergency Response 
Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
--------------------------------------------------------------
-------------



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Signing before Encryption and Signing after Encryption shyaam (Mar 21)
- RE: Signing before Encryption and Signing after Encryption Adrian Floarea (Mar 21)
- RE: Signing before Encryption and Signing after Encryption John Lightfoot (Mar 21)
- RE: Signing before Encryption and Signing after Encryption David Gillett (Mar 21)
  - Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 21)
    - RE: Signing before Encryption and Signing after Encryption David Gillett (Mar 22)
    - Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 22)
    - RE: Signing before Encryption and Signing after Encryption David Gillett (Mar 24)
    - Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 24)
    - RE: MS Windows Hidden Shares Jeffrey Smith (Mar 27)
- <Possible follow-ups>
- RE: Signing before Encryption and Signing after Encryption Craig Wright (Mar 22)
  - Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 22)
    - RE: Signing before Encryption and Signing after Encryption John Lightfoot (Mar 24)
    - Re: Signing before Encryption and Signing after Encryption Greg Rubin (Mar 24)

(Thread continues...)