Security Basics mailing list archives

RE: Signing before Encryption and Signing after Encryption

From: "Adrian Floarea" <adrian.floarea () uti ro>
Date: Tue, 21 Mar 2006 21:12:17 +0200

Hi  Shyaam,

Yes is a basic question with a complicated answer :D. First of all,
technically, the both procedures are correct. In practice, is more used
signing before encryption. Why? Because when I want, let say, to sign and
encrypt a document is important to sign the document in clear text (this is
a concept: what you sign is what you see). Why again? It's like in real
world. If you must sign a contract, will you prefer in clear or encrypted
form? I think in clear. 

Hope to help you....

Regards,

Adrian Floarea, CISA
Information Security Department
IT&C Division, UTI Systems SA
Bucharest, Romania
Email: adrian.floarea () uti ro


-----Original Message-----
From: shyaam () gmail com [mailto:shyaam () gmail com] 
Sent: Tuesday, March 21, 2006 7:28 PM
To: security-basics () securityfocus com
Subject: Signing before Encryption and Signing after Encryption

Hello All,
I was asked a question in an interview. I would like to know more about
this. I am sorry if it is really basic question.

What are the tradeoffs between Signing before Encryption and Signing after
Encryption? Please do let me know on either case when you use a Symmetric
Key and an Asymmetric key. 

I am sure that this is a very basic question. I appologize again.

Kind Regards,
Shyaam

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich
University program offers unparalleled Infosec management education and the
case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Signing before Encryption and Signing after Encryption shyaam (Mar 21)
- RE: Signing before Encryption and Signing after Encryption Adrian Floarea (Mar 21)
- RE: Signing before Encryption and Signing after Encryption John Lightfoot (Mar 21)
- RE: Signing before Encryption and Signing after Encryption David Gillett (Mar 21)
  - Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 21)
    - RE: Signing before Encryption and Signing after Encryption David Gillett (Mar 22)
    - Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 22)
    - RE: Signing before Encryption and Signing after Encryption David Gillett (Mar 24)
    - Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 24)
    - RE: MS Windows Hidden Shares Jeffrey Smith (Mar 27)
- <Possible follow-ups>
- RE: Signing before Encryption and Signing after Encryption Craig Wright (Mar 22)
  - Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 22)

(Thread continues...)