in Computer Networks
1,248 views
0 votes
0 votes
Let M be a confidential email that Alice wants to send to Bob,  $K_B$ be Bob’s encryption public key, and  $K_A^{-1}$ be Alice’s private key for signing. Which of the following options would be the best choice for protecting confidential emails?

(A)Send $E_{K_{B}}(M),Sign_{K_A^{-1}}(K_B)$

(B)Send $E_{K_B}(M),Sign_{K_{A}^{-1}}(M)$

(C)Send $E_{K_B}(M),Sign_{K_{A}^{-1}}(E_{K_B}(M))$

(D)$Send\,E_{K_B}(M),Sign_{K_{A}^{-1}}(K_{A}^{+1}(M))$

I marked (B), but correct answer is given to be (C).

I understand the first part, that we are encrypting the message with Bob’s public key, but my understanding says, that we sign the message using Alice’s private key and send it to bob along with the Encrypted message.

But seems like option (C) says that along Encrypted message, Alice should sign the encrypted message and then should send this signature along with the encrypted message to BOB.

Please help.
in Computer Networks
1.2k views

12 Comments

I feel c should be the answer because the more encrypted the better security
0
0

@Hemanth_13-Please give a stronger clause to support your answer. Why (C) is better instead of  (B)

0
0
I think it's option C due to the fact that Digital Signature do not provide confidentiality but it provide Authentication ,Integrity and Non Repudiation. So any attacker can view the signed mail using Alice's public key. But if the signature is on encrypted message then only Bob Can decrypt the message and verify the signature is sent by Alice only.Thus Confidentiality,Authentication ,Non Repudiation and Integrity is archived by option C.
0
0

@Soumya Tiwari-Using Alice's Public Key, One can only get One-Way Hash of the message and not the message itself.

How can One have security issues When I get the Message digest and not the Message itself.

0
0
The message digest itself can be used to get the message using rainbow tables, as an example. Hash functions are theoretically pre-image resistant, but they still can be broken.
1
1

@goxul-I think if hash function used is SHA-512, it would be almost impossible to generate the message that hashes to the same digest.

https://crypto.stackexchange.com/questions/11230/would-it-be-possible-to-generate-the-original-data-from-a-sha-512-checksum

0
0
My Query still remains the same. Why are we hashing the Encrypted Message over the message?

Wouldn't hashing the Encrypted Message instead of Message be an overhead?
0
0
I think all these things regarding hash function is not required at all.We should not complicate stuff.
Simple thing is considering your case,Alice send encrypted message along with signature on the message i.e.suppose you speedpost some encrypted document and another document with signature of yours in it.Do it prevent the postmaster deliverying the message to your friend from knowing the message...? NO as though he can't read the encrypted doc but still can read the signed document.
0
0

@  @

What is the final conclusion of this question ??

0
0
C) will be answer

but option will be like this (C)Send $Sign_{K_{A}^{-1}}(E_{K_B}(M))$
0
0
0
0

2 Answers

0 votes
0 votes
I think in this question, it's more about which one is more appropriate. In option B, we sign the message with A's private key - so any one who has A's public key would be able to know that this message is coming from A and may even get the actual value of M from it. Another problem with this is that two signatures might be same for the same message text, which violates confidentiality.

In C, we first encrypt the message to generate a message digest. Assuming that we use a good hash function, each of the digest will be unique in value and when this is signed by A's private key, it'll be more secure.
by

4 Comments

is not here

$Sign_{K_{A}^{-1}}(E_{K_B}(M))$

encryption and signing both done?

Then option (E_{K_B}(M)), $Sign_{K_{A}^{-1}}(E_{K_B}(M))$

will be correct

$1$ st one not needed

right? 

0
0
Here option D) means without encryption message is sending
0
0
0 votes
0 votes

@Ayush Upadhyaya    see below explanation

Option A: Encrypting the message is good but why signing the public key of B as it is available globally.

Option D: Here as well encrypting is fine but signed using public key of A but how can the receiver verify the sign as he will not have private key of A to do so.

Now left with option B and C

Option B:

  1. Receiver(assume Intruder) decrypts the digital signature using the public key of sender.(This assures authenticity,as only sender has his private key so only sender can encrypt using his private key which can thus be decrypted by sender’s public key).
  2. The Intruder now has the message.

Option C:

  1. Receiver(assume Intruder) decrypts the digital signature using the public key of sender.(This assures authenticity,as only sender has his private key so only sender can encrypt using his private key which can thus be decrypted by sender’s public key).
  2. The Intruder now has the encrypted message(encrypted using public key of B so it can be decrypted only by private key of B which he doesn't have.

So I picked Option C over Option B

2 Comments

@Hemanth_13-The message can never be read by any other person for both option (C) and (B)

In (B), we are sending message(which is encrypted using Bob's public key) and then we are sending signature of message which is

one way hash of the message created by Alice followed by Encryption of the same using Alice's private key.

Now even if I decrypt the signature using Alice's public key, I get is the Hash of the message and not the Message itself.And I think Hash is only one-way. What Can I do with Hash?

https://www.instantssl.com/https-tutorials/digital-signature.html

0
0

You are right 

see at the receiver's side you will get hash of encrypted data after decrypting the signature, hash the encrypted data and compare it , if its is same you can get decrypted the message which receiver got using his private key.

This is fine right?

 

0
0

Related questions