1

If you're sending me a message, you can:

a) Encrypt the message using your private key, and I can decrypt is using your public key.

b) You can create a digital signature of your message, and then send the signature along with the un-encrypted message.

My two questions are:

1) I read somewhere that in the (a) scenario, if your encrypted message is tampered with en route, I won't be able to decrypt it using your public key. Is this the case? I thought I'd be able to apply your public key to any message, tampered-with or not, and if it's been tampered with, the message might just be gibberish or something.

2) What is the advantage of (b) over (a)? Given that the encrypted message in (a) and the digital signature in (b) are both encrypted using the same private key, in what way is the security provided by (b) better?

gkeenley
  • 111
  • 1
  • See also this; [Should we sign-then-encrypt, or encrypt-then-sign?](https://crypto.stackexchange.com/q/202/18298) from Cryptography. – kelalaka Aug 10 '19 at 18:30
  • Encryption with the private key is bullocks. I've tried to explain why [here](https://crypto.stackexchange.com/q/15997/1172). You can only encrypt with the public key of the receiver and sign with your own private key. – Maarten Bodewes Aug 26 '19 at 03:06

3 Answers3

4

These misconceptions come from people trying to explain digital signatures to the layperson. Once someone understands the concept of asymmetric encryption, a common way to explain signatures is "encryption with private key", but in reality there is no such thing (for a very technical explanation, see here). You're far better off thinking of asymmetric encryption and digital signatures as two entirely separate things.

You've come across some of the many problems with this explanation. If someone did try to send you a message "encrypted" with their private key and it was tampered with, you are correct that you would be able to "decrypt" it, but it would be gibberish.

In practice though, messages are too long to be encrypted or signed directly with asymmetric cryptography. When encrypting, a symmetric key is usually generated and used to encrypt the data, then that key is encrypted asymmetrically with the recipient's public key.

Likewise, when signing, the message is first passed through a digest algorithm (cryptographic hash) to remove any structure in the data and to output a small digest that is then signed with the private key. Even if you only have a very short message to sign though, you must still pass it through a hash, otherwise an attacker may be able to forge signatures on random messages algebraically related to yours.

Since correct signing requires some sort of hashing to be used, the signature obviously can't be reversed to the original message, so the message also has to be sent separately to the recipient (consequently your (a) scenario isn't even possible). Often, messages are signed with the sender's private key, then encrypted with a random symmetric key, which itself is then encrypted with the recipient's public key.

AndrolGenhald
  • 15,436
  • 5
  • 45
  • 50
1

The question as you ask it isn't really matter of one being globally better or worse than the other. These are two tools that perform different tasks.

Encryption - A message encrypted with someone's public key, can only be decrypted by someone in possession of the matching Private key. Who was the message really from? No promises there!

Signing - When someone sees a signed message, they can be sure that the message is unchanged since a person in possession of the matching Private key had their hands on it.

These two acts have very different uses. They are also frequently used together. Encryption of a signed message is very common. Some folks even sign the encrypted envelope of a signed message. To each their own.

tjd
  • 755
  • 4
  • 6
  • Thanks for your reply. So if I encrypt a message using my private key and get a resulting encrypted string "abc123", if someone changes that encrypted string to "abc246", what would happen if you tried to decrypt that using my public key? Would it actually fail? Or would it simply return a 'message' that was different from the original one (ie. could be gibberish)? – gkeenley Aug 08 '19 at 19:34
  • You don't encrypt with your Private key. In any case, attempting to "decrypt" some random string will likely produce garbage. Grab a copy of GPG and play with it! – tjd Aug 08 '19 at 19:45
0

a) You don't encrypt a message with your public/private key. If you use public Key cryptographer you generate a key encrypt the message with a symmetric cipher with that key and only encrypt the key with the asymmetric key.

b) The signature here is a hash of the message which is encrypted with your private key.

In both cases the recipient can detect if the massage was changed if he has your public key. 2) b) needs fewer steps, and the recipient can reed the message without your public key. And there are no advantages from a) over b)

Tom
  • 1