9631 Re: [soapbuilders] Re: Super-Encryption AND Digital Signatures
- Dec 4, 2003
>>Now, a compromised receiver does the following. First, get the keys:
>>Key2 = RSA_Decrypt[OuterEncryptedKey] [using receiver's RSA private key]
>>CipherValue1 = Decrypt[TripleDES(CipherValue2)]
>>Key1 = RSA_Decrypt[InnerEncryptedKey] [using sender's RSA public key]
>>Next, use those keys to create a bad message:
>>BadCipher1 = Encrypt[TripleDES(*BAD MESSAGE*, Key1)]
>>BadCipher2 = Encrypt[TripleDes(BadCipher1, Key2)]
> But BadCipher1 now has RSA_Encrypt(Key1) from the receiver and not the
> original sender
No, use the original encrypted Key1.
> Therefore, the proof of who sent the message resides with the
> decryption of Key1
Right, but there's no proof of what content the sender provided. More
precisely, the proof is "who generated Key1", which is even further from
protecting the content.
> Where is this breaking down?
Our terminology, I think.
Both sender and receiver need Key1 and Key2. Since 3DES is
symmetric, Key1 and Key2 can both encrypt and decrypt. Once the
adversary (compromised receiver) has both keys, he can use them to
encrypt anything he wants. Now take that bogus message -- and the keys
*in their original wrappers* -- and prove the sender didn't generate
Does this help?
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
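The point made in the reply above, as an added example that is not part of the original post: the key wrappers verify identically whatever content is encrypted under them. Assumptions: textbook RSA over constructed Mersenne-prime key pairs and a SHA-256 keystream stand in for real RSA and 3DES, and all function names are hypothetical.

```python
import hashlib
import secrets

def rsa_keypair(p, q, e=65537):
    """Toy textbook RSA from two primes; returns (public, private)."""
    n = p * q
    return (e, n), (pow(e, -1, (p - 1) * (q - 1)), n)

def rsa(value, key):
    """Textbook RSA operation (no padding): value^exp mod n."""
    exp, n = key
    return pow(value, exp, n)

def sym(data, key):
    """Stand-in for 3DES: XOR with a SHA-256 keystream. Same call encrypts and decrypts."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = key.to_bytes(16, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed key pairs built from Mersenne primes; illustration only, not secure.
SENDER_PUB, SENDER_PRIV = rsa_keypair(2**61 - 1, 2**89 - 1)
RECEIVER_PUB, RECEIVER_PRIV = rsa_keypair(2**107 - 1, 2**127 - 1)

def send(message):
    """Sender: wrap Key1 with own private key, Key2 with receiver's public key."""
    key1, key2 = secrets.randbits(128), secrets.randbits(128)
    return {"InnerEncryptedKey": rsa(key1, SENDER_PRIV),
            "OuterEncryptedKey": rsa(key2, RECEIVER_PUB),
            "CipherValue2": sym(sym(message, key1), key2)}

def unwrap_keys(msg):
    """Receiver recovers both symmetric keys, as in the quoted steps."""
    key2 = rsa(msg["OuterEncryptedKey"], RECEIVER_PRIV)
    key1 = rsa(msg["InnerEncryptedKey"], SENDER_PUB)
    return key1, key2

def open_message(msg):
    key1, key2 = unwrap_keys(msg)
    return sym(sym(msg["CipherValue2"], key2), key1)

def substitute_content(msg, other):
    """Re-encrypt different content under Key1/Key2, keeping the original wrappers."""
    key1, key2 = unwrap_keys(msg)
    return {**msg, "CipherValue2": sym(sym(other, key1), key2)}

if __name__ == "__main__":
    original = send(b"pay Bob 10")
    swapped = substitute_content(original, b"pay Bob 9999")
    print(open_message(original), open_message(swapped))
```

Both messages carry byte-identical InnerEncryptedKey and OuterEncryptedKey values, so binding the sender to the content needs a signature computed over the content itself (or its digest), not over Key1.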