5

Digital Signatures

Digital signatures take place whereby you apply your private key to a particular message (or the hash of that message in most cases).

The recipient then takes your public key - not surprisingly publicly available - and then verifies your identity by applying it to the signed message.


Encryption

Encryption on the other hand takes place whereby you take the public key of the person for whom you message is destined, and apply it to the message. Once you have done this, you've in effect locked it from everybody (including yourself), and the only way to unlock that message would be for the recipient to apply their private key to the encrypted message.


"apply"

In both scenarios above, I've used the term "apply", and that is because it is my next point in driving to my final question.

Digital encryption and signing is basically the mathematical multiplication of a mathematically-suitable representation of a message, by a very large number (the public/private keys). When the private key is "multiplied" by the public key, they cancel each other out (somewhat simplified description).

I've written a simplified example of this using Diffie-Helman here.


The Question/Security-Concern

Now with this in mind, here's the scenario I'm considering...

Imagine that you take a secret message, and encrypt it for someone, using the standard asymmetric cryptography (pri/pub keys). You then send that message over an insecure channel to the recipient.

An eavesdropper taps in the line and captures your message.

The message to them is however encrypted, however - they make a guess that the true recipient of the message (the one who has the corresponding private key) uses the same public/private key pair for signing, as she does for encryption.

They somehow manipulate/convince the real recipient of the message to sign "some document", and let's say she does. The document of course is the captured message, but the recipient doesn't know this.

What has just happened? The recipient has applied her private key, to a message that has been signed by her public key.

She would then hand the message back to the assailant (let's assume for the sake of argument that this has been a blind-signing request).

The assailant now has the decrypted message?


Clarification of the Questions

Thankyou to everyone who has responded - it seems that I've failed to word my question as everyone has misunderstood it - that's my fault so sorry about that.

Clarification: Assume that "signing" operation (for academic purposes here) is performed on the entire message, and not the hash of that message. Yes I know that this is not what is actually done, and for reasons (including performance and size), signing is done on the fixed-length crypto hash of a message and not the message itself, but for this questions, please pretend that this is not the case.

Xerxes
  • 4,133
  • 3
  • 26
  • 33

3 Answers3

10

You are basically asking if applying a signature and running a decryption are performed in the same way - the answer is no.

You wrote:

Digital encryption and signing is basically the mathematical multiplication of a mathematically-suitable representation of a message, by a very large number (the public/private keys). When the private key is "multiplied" by the public key, they cancel each other out (somewhat simplified description).

This is not correct. Signatures are performed on cryptographic hashes of the cleartext, not on the cleartext itself.

Federico
  • 351
  • 2
  • 7
  • 1
    Side note: in the original version of PGP (or so I've heard), the public encryption key was only used to encrypt a random key for a symmetric cipher, and that symmetric cipher was then used for the message itself. I'm not sure if modern GPG/PGP does the same (although I don't see why they wouldn't). – David Z Jul 14 '09 at 13:42
  • Yes, all PGP implementations (PGP as in the standard) still do the same thing. – user1686 Jul 14 '09 at 15:23
  • Sorry I tried to make this clear - but failed to do so - as I said, this is an academic question, and the questions assumes that the *entire file* is signed, and not its hash. – Xerxes Jul 15 '09 at 01:30
  • What you define "the entire file is signed" is no more a signature, it looks like you are _encrypting and decrypting_ the entire file instead of signing it :) If you trick the message recipient into decrypting the cypertext and sending back the cleartext to you - this is not a vulnerability in the cryptographic algorhitms. – Federico Jul 15 '09 at 10:33
  • I''m happy with that answer - Thankyou :) – Xerxes Aug 03 '09 at 03:49
3

Error in assumption; the opposite of encryption is decryption, and signing does not operate transitively on either. Signing a message has no effect whatsoever on the encryption.

towo
  • 1,887
  • 14
  • 12
1

In principle signing is only done on the hash of a message, not on the message itself.

Besides this, your scenario does not sound very likely at the moment. Nobody provides an automatic signing services. It wat practical case would this really happen? Wouldn't somebody look before they sign something? Why would they sign (appearently) rubbish?

Peter Smit
  • 1,649
  • 4
  • 21
  • 37