3

I'm a bit of mixed up on this subject. Does asymmetric encryption like in RSA, ensure message integrity without hashing the message with an HMAC, nothing else is required, or is hashing necessary only when utilizing symmetric encryption?

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
microwth
  • 2,101
  • 2
  • 14
  • 19

1 Answers1

3

No, RSA by itself definitely does not ensure integrity. (i.e. it's malleable.)

If the ciphertext c = me (mod n) is modified to c1 = c * t (multiplication), where t = xe, then the decryption of c1 will be

c1d = (c t)d = (me xe)d = ((mx)e)d = mx (mod n)

so the original message got multiplied with a number controlled by the attacker.

A robust system will use something like OAEP padding with RSA to protect against that. Also see here.

ilkkachu
  • 2,086
  • 1
  • 11
  • 15
  • so let's say I want to send an encrypted email thus I sign it with the receiver's public key. The receiver uses its private key to decrypt it. If someone tampers the message in between then wouldn't the decryption process fail since the message is malformed? – microwth Sep 10 '16 at 17:52
  • @microwth : ​ Signing "it with the receiver's public key" would be quite a trick. ​ ​ ​ ​ –  Sep 10 '16 at 21:01
  • oops, I must edit the question! – microwth Sep 13 '16 at 09:01