
9630 Re: [soapbuilders] Re: Super-Encryption AND Digital Signatures

  • mlong@bridgetonconsulting.com
    Dec 4, 2003
      Quoting Rich Salz <rsalz@...>:

      > Good -- a common notation. :)
      >
      > Now, a compromised receiver does the following. First, get the keys:
      > Key2 = RSA_Decrypt[OuterEncryptedKey] [using receiver's RSA private key]
      > CipherValue1 = Decrypt[TripleDES(CipherValue2)]
      > Key1 = RSA_Decrypt[InnerEncryptedKey] [using sender's RSA public key]
      > Next, use those keys to create a bad message:
      > BadCipher1 = Encrypt[TripleDES(*BAD MESSAGE*, Key1)]
      > BadCipher2 = Encrypt[TripleDes(BadCipher1, Key2)]
      >
      > The adversary can now present the two encrypted keys and
      > BadCipher2, and nobody can prove they didn't come from the original
      > sender. ("But you told me to give 1,000 pills -- here's the message")

      But BadCipher1 now has RSA_Encrypt(Key1) from the receiver and not the
      original sender, because the receiver never had access to the sender's RSA
      private key. Therefore, the proof of who sent the message resides with the
      decryption of Key1 (since it is always encrypted with the sender's private
      key).

      Where is this breaking down?
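
The inner layer of the exchange above, as an added example that is not part of the original posts: InnerEncryptedKey is reused unchanged, so a check that rests only on unwrapping Key1 accepts a substituted message, while a signature over the message digest does not. Assumptions: textbook RSA over two Mersenne primes, a SHA-256 keystream XOR standing in for TripleDES, and all function names and sample messages are constructed for illustration.

```python
import hashlib
import secrets

# Toy sender key pair (assumption: unpadded textbook RSA, illustration only).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # sender's private exponent

def sym(key: int, data: bytes) -> bytes:
    """Stand-in for TripleDES: XOR with a SHA-256 keystream (encrypt == decrypt)."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key.to_bytes(16, "big") + bytes([ctr])).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest()[:16], "big")

def sender_send(msg: bytes):
    key1 = secrets.randbits(128)
    inner_encrypted_key = pow(key1, D, N)   # Key1 under the sender's PRIVATE key
    signature = pow(digest(msg), D, N)      # the fix: sign the message itself
    return inner_encrypted_key, sym(key1, msg), signature

def receiver_substitute(inner_encrypted_key: int, other_msg: bytes):
    # Unwrapping Key1 needs only the sender's PUBLIC key; the wrapped key
    # is then presented again byte for byte, never re-wrapped.
    key1 = pow(inner_encrypted_key, E, N)
    return inner_encrypted_key, sym(key1, other_msg)

def arbiter_key_only(inner_encrypted_key: int, cipher1: bytes) -> bytes:
    """Scheme from the thread: trust whatever decrypts under the unwrapped Key1."""
    return sym(pow(inner_encrypted_key, E, N), cipher1)

def arbiter_signed(inner_encrypted_key: int, cipher1: bytes, signature: int) -> bool:
    """Accept only if the sender's signature covers the recovered message."""
    msg = arbiter_key_only(inner_encrypted_key, cipher1)
    return pow(signature, E, N) == digest(msg)

def demo():
    iek, c1, sig = sender_send(b"give 10 pills")            # constructed sample
    iek2, c1_sub = receiver_substitute(iek, b"give 1,000 pills")
    return (iek2 == iek,                         # same wrapped key is presented
            arbiter_key_only(iek2, c1_sub),      # key-only check reads the substitute
            arbiter_signed(iek, c1, sig),        # genuine message verifies
            arbiter_signed(iek2, c1_sub, sig))   # substitute fails the signature

if __name__ == "__main__":
    print(demo())
```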