1,948 views
0 votes
0 votes
Let M be a confidential email that Alice wants to send to Bob,  $K_B$ be Bob’s encryption public key, and  $K_A^{-1}$ be Alice’s private key for signing. Which of the following options would be the best choice for protecting confidential emails?

(A)Send $E_{K_{B}}(M),Sign_{K_A^{-1}}(K_B)$

(B)Send $E_{K_B}(M),Sign_{K_{A}^{-1}}(M)$

(C)Send $E_{K_B}(M),Sign_{K_{A}^{-1}}(E_{K_B}(M))$

(D)$Send\,E_{K_B}(M),Sign_{K_{A}^{-1}}(K_{A}^{+1}(M))$

I marked (B), but correct answer is given to be (C).

I understand the first part, that we are encrypting the message with Bob’s public key, but my understanding says, that we sign the message using Alice’s private key and send it to bob along with the Encrypted message.

But seems like option (C) says that along Encrypted message, Alice should sign the encrypted message and then should send this signature along with the encrypted message to BOB.

Please help.

2 Answers

0 votes
0 votes
I think in this question, it's more about which one is more appropriate. In option B, we sign the message with A's private key - so any one who has A's public key would be able to know that this message is coming from A and may even get the actual value of M from it. Another problem with this is that two signatures might be same for the same message text, which violates confidentiality.

In C, we first encrypt the message to generate a message digest. Assuming that we use a good hash function, each of the digest will be unique in value and when this is signed by A's private key, it'll be more secure.
0 votes
0 votes

@Ayush Upadhyaya    see below explanation

Option A: Encrypting the message is good but why signing the public key of B as it is available globally.

Option D: Here as well encrypting is fine but signed using public key of A but how can the receiver verify the sign as he will not have private key of A to do so.

Now left with option B and C

Option B:

  1. Receiver(assume Intruder) decrypts the digital signature using the public key of sender.(This assures authenticity,as only sender has his private key so only sender can encrypt using his private key which can thus be decrypted by sender’s public key).
  2. The Intruder now has the message.

Option C:

  1. Receiver(assume Intruder) decrypts the digital signature using the public key of sender.(This assures authenticity,as only sender has his private key so only sender can encrypt using his private key which can thus be decrypted by sender’s public key).
  2. The Intruder now has the encrypted message(encrypted using public key of B so it can be decrypted only by private key of B which he doesn't have.

So I picked Option C over Option B

Related questions