1,252 views
Let M be a confidential email that Alice wants to send to Bob,  $K_B$ be Bob’s encryption public key, and  $K_A^{-1}$ be Alice’s private key for signing. Which of the following options would be the best choice for protecting confidential emails?

(A)Send $E_{K_{B}}(M),Sign_{K_A^{-1}}(K_B)$

(B)Send $E_{K_B}(M),Sign_{K_{A}^{-1}}(M)$

(C)Send $E_{K_B}(M),Sign_{K_{A}^{-1}}(E_{K_B}(M))$

(D)$Send\,E_{K_B}(M),Sign_{K_{A}^{-1}}(K_{A}^{+1}(M))$

I marked (B), but correct answer is given to be (C).

I understand the first part, that we are encrypting the message with Bob’s public key, but my understanding says, that we sign the message using Alice’s private key and send it to bob along with the Encrypted message.

But seems like option (C) says that along Encrypted message, Alice should sign the encrypted message and then should send this signature along with the encrypted message to BOB.

What is the final conclusion of this question ??

but option will be like this (C)Send $Sign_{K_{A}^{-1}}(E_{K_B}(M))$

I think in this question, it's more about which one is more appropriate. In option B, we sign the message with A's private key - so any one who has A's public key would be able to know that this message is coming from A and may even get the actual value of M from it. Another problem with this is that two signatures might be same for the same message text, which violates confidentiality.

In C, we first encrypt the message to generate a message digest. Assuming that we use a good hash function, each of the digest will be unique in value and when this is signed by A's private key, it'll be more secure.
by

@goxul-Signing the message only means that we have created the message digest and it is encrypted with Alice's private key.

In Option (B), Encrypted Message Along with Hash which is encrypted with Alice's Private key(Signature) is sent to BOB. In no way, other than BOB, a person can get Message M.

https://www.instantssl.com/https-tutorials/digital-signature.html

@goxul-And Okay, suppose I decrypt the Message digest using Alice's public key, change it to something, now how will I Encrypt this New Modified Digest When I Don't have the Alice's private key?

And If I want to send this modified Digest to BOB, how can I do so?

@Ayush Upadhyaya It is encrypted with Alice's private key. Assume that we use RSA to sign the message. When an intruder gets the message, he can decrypt it with Alice's public key. Simply signing the message doesn't get you confidentiality - it only gets you authentication.

In normal cases to achieve confidentiality (for eg in PGP), the message is signed using a symmetric key and this key is then exchanged using some other kind of asymmetric method.

When we encrypt the message before signing it, if an intruder gets the message, he can only get the encrypted message, which is useless.

Why do you have to send it to Bob? Suppose some confidential information is being sent to to Bob and the intruder receives it. Now, the intruder may choose to forward the same message to Bob without making any other modifications - he is simply snooping the network.

@goxul-I am Still not clear.

In Option (B) suppose I have Alice's Public key, what will I get If I decrypt the Signature?

It could be possible that for two same messages, the signatures might be same in some schemes. That gives the attacker some information about what the message might contain.

Also, the intruder has the hashed message and the actual message. Now, he might decrypt the message in some way to see whether they are the same.

The most simple explanation is that more encryption shall give you more security, and that's what has been asked here.
$E_{K_{B}}(M)$ means encryption in $B$ with Key

right?

Now what second symbol means $Sign_{K_{A}^{-1}}(M)$
and why it needed for question?

@srestha That is to provide authentication as it is a digital signature.

I think

$Sign_{K_{A}^{-1}}(E_{K_B}(M))$

this can give both security and authentication

Then why 1st symbol given separately?

This doesn't give authentication. Unless it has been signed by A's private key, B has no way that it has come from A. Anybody can encrypt with B's public key and send it.
Explain more

not clear what u r telling

E means encryption, which certainly has authentication
Okay, so A sends a message which is signed with B's public key. This is what encryption is. B receives the message and is able to decrypt is using his private key.

But, there's no way for B to know that A sent this message. This message could have been sent by C too, as C also can see B's public key.

Hence, to verify that the message has been sent by A, A signs it using his private key. Now when this message goes to B, B uses A's public key to verify that the message was sent by A. This shows that A is the source, as we were able to decrypt using A's public key, which implies that it was signed by A's private key.

is not here

$Sign_{K_{A}^{-1}}(E_{K_B}(M))$

encryption and signing both done?

Then option (E_{K_B}(M)), $Sign_{K_{A}^{-1}}(E_{K_B}(M))$

will be correct

$1$ st one not needed

right?

Here option D) means without encryption message is sending

Option A: Encrypting the message is good but why signing the public key of B as it is available globally.

Option D: Here as well encrypting is fine but signed using public key of A but how can the receiver verify the sign as he will not have private key of A to do so.

Now left with option B and C

Option B:

1. Receiver(assume Intruder) decrypts the digital signature using the public key of sender.(This assures authenticity,as only sender has his private key so only sender can encrypt using his private key which can thus be decrypted by sender’s public key).
2. The Intruder now has the message.

Option C:

1. Receiver(assume Intruder) decrypts the digital signature using the public key of sender.(This assures authenticity,as only sender has his private key so only sender can encrypt using his private key which can thus be decrypted by sender’s public key).
2. The Intruder now has the encrypted message(encrypted using public key of B so it can be decrypted only by private key of B which he doesn't have.

So I picked Option C over Option B

@Hemanth_13-The message can never be read by any other person for both option (C) and (B)

In (B), we are sending message(which is encrypted using Bob's public key) and then we are sending signature of message which is

one way hash of the message created by Alice followed by Encryption of the same using Alice's private key.

Now even if I decrypt the signature using Alice's public key, I get is the Hash of the message and not the Message itself.And I think Hash is only one-way. What Can I do with Hash?

https://www.instantssl.com/https-tutorials/digital-signature.html

You are right

see at the receiver's side you will get hash of encrypted data after decrypting the signature, hash the encrypted data and compare it , if its is same you can get decrypted the message which receiver got using his private key.

This is fine right?

1 vote