1,219 views
Let M be a confidential email that Alice wants to send to Bob,  $K_B$ be Bob’s encryption public key, and  $K_A^{-1}$ be Alice’s private key for signing. Which of the following options would be the best choice for protecting confidential emails?

(A)Send $E_{K_{B}}(M),Sign_{K_A^{-1}}(K_B)$

(B)Send $E_{K_B}(M),Sign_{K_{A}^{-1}}(M)$

(C)Send $E_{K_B}(M),Sign_{K_{A}^{-1}}(E_{K_B}(M))$

(D)$Send\,E_{K_B}(M),Sign_{K_{A}^{-1}}(K_{A}^{+1}(M))$

I marked (B), but correct answer is given to be (C).

I understand the first part, that we are encrypting the message with Bob’s public key, but my understanding says, that we sign the message using Alice’s private key and send it to bob along with the Encrypted message.

But seems like option (C) says that along Encrypted message, Alice should sign the encrypted message and then should send this signature along with the encrypted message to BOB.

What is the final conclusion of this question ??

but option will be like this (C)Send $Sign_{K_{A}^{-1}}(E_{K_B}(M))$

I think in this question, it's more about which one is more appropriate. In option B, we sign the message with A's private key - so any one who has A's public key would be able to know that this message is coming from A and may even get the actual value of M from it. Another problem with this is that two signatures might be same for the same message text, which violates confidentiality.

In C, we first encrypt the message to generate a message digest. Assuming that we use a good hash function, each of the digest will be unique in value and when this is signed by A's private key, it'll be more secure.
by

is not here

$Sign_{K_{A}^{-1}}(E_{K_B}(M))$

encryption and signing both done?

Then option (E_{K_B}(M)), $Sign_{K_{A}^{-1}}(E_{K_B}(M))$

will be correct

$1$ st one not needed

right?

Here option D) means without encryption message is sending

Option A: Encrypting the message is good but why signing the public key of B as it is available globally.

Option D: Here as well encrypting is fine but signed using public key of A but how can the receiver verify the sign as he will not have private key of A to do so.

Now left with option B and C

Option B:

1. Receiver(assume Intruder) decrypts the digital signature using the public key of sender.(This assures authenticity,as only sender has his private key so only sender can encrypt using his private key which can thus be decrypted by sender’s public key).
2. The Intruder now has the message.

Option C:

1. Receiver(assume Intruder) decrypts the digital signature using the public key of sender.(This assures authenticity,as only sender has his private key so only sender can encrypt using his private key which can thus be decrypted by sender’s public key).
2. The Intruder now has the encrypted message(encrypted using public key of B so it can be decrypted only by private key of B which he doesn't have.

So I picked Option C over Option B

@Hemanth_13-The message can never be read by any other person for both option (C) and (B)

In (B), we are sending message(which is encrypted using Bob's public key) and then we are sending signature of message which is

one way hash of the message created by Alice followed by Encryption of the same using Alice's private key.

Now even if I decrypt the signature using Alice's public key, I get is the Hash of the message and not the Message itself.And I think Hash is only one-way. What Can I do with Hash?

https://www.instantssl.com/https-tutorials/digital-signature.html

You are right

see at the receiver's side you will get hash of encrypted data after decrypting the signature, hash the encrypted data and compare it , if its is same you can get decrypted the message which receiver got using his private key.

This is fine right?