1996-10-27 - some RSA questions

Header Data

From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
To: cypherpunks@toad.com
Message Hash: e6ff5b24aa92aae2be8b91c218a107bc9adcf56a4476ee066b16ed9579f97dfb
Message ID: <Pine.GSO.3.93.961027154749.25956C-100000@nebula>
Reply To: N/A
UTC Datetime: 1996-10-27 14:47:15 UTC
Raw Date: Sun, 27 Oct 1996 06:47:15 -0800 (PST)

Raw message

From: =?ISO-8859-1?Q?J=FCri_Kaljundi?= <jk@stallion.ee>
Date: Sun, 27 Oct 1996 06:47:15 -0800 (PST)
To: cypherpunks@toad.com
Subject: some RSA questions
Message-ID: <Pine.GSO.3.93.961027154749.25956C-100000@nebula>
MIME-Version: 1.0
Content-Type: text/plain



Some questions about writing a program that uses RSA. 

Let's assume we have 3 participants (Alice, Bob, Carol). The idea is for
Bob to send an encrypted and signed message to Alice. Although Bob
constructs the message, signs it and encrypts it, it is Carol who can
decide some parts of the message.

The message is small, 200-400 bytes in length. Some of the contents of the
message are always the same (field names) and the message looks much like
mail headers: 

Field1Name: field1contents
Field2Name: field2contents
Field3Name: field3contents

Carol can decide, what goes into the field contents. 

Now the easiest way would be to sign the message using Bob's private key
and encrypt is using Alice's public key. What Carol wants to do is forge
similar messages without help from Bob and send the messages to Alice.
Let's say that Bob is a bank, Alice a merchant and Carol a buyer. Usually
Bob has to take some money from Carols account and after the he signals
Alice, that she can give the goods to Carol. Now Carol wants to get the
goods without paying and give a false signal to Alice (which Alice thinks
is a signal from Bob). Both the public keys of Alice and Bob are
well-known. One of the fields will be unique for every message, so that
Carol can not use the same message to pay once and recieve the goods many
times.

The question is easy: how should I sign and encrypt the message?

1) calculate a digest (MD5, SHA) from the message, sign the digest (or
should I sign the message contents + digest) with Bob's private key and
encrypt it with Alice's public key?

2) is there any idea to generate a DES key, encrypt the message with the
DES key, calculate a digest on (enc. message + DES key), sign the digest
and encrypt it with Alice's public key? The message is small, so the time
it takes to encrypt the message is not so important compared to higher
speed of DES.

3) may be it would be good to encrypt the message with Alice's public key,
then generate a digest, sign the digest and then once more encrypt the
whole thing with Alice's public key?

Using a DES session key helps in case someone would find out Alice's
private key she uses to decrypt the message, but actually in this case it
is not so important to hide the message contents (what is important are
message integrity and sender authentication).

What are the suggestions what crypto package might I use: RSAref,
crypto++, SSLeay or some other? 

--
Juri Kaljundi
jk@stallion.ee







Thread