Monday, June 30, 2003

Sign then Encrypt or Encrypt then Sign?

I was doing some research online at work today, trying to optimize
some of the security infrastructure I’ve been working on for my client. I ran
across this article in
my search to remember whether, when both signing and encrypting a message, one is
supposed to sign first or encrypt first. I knew that doing it one way was bad, but
couldn’t remember which was which.

The article goes on at length about the many issues around signature
and encryption, but I mostly want to point out the first part, where it talks about
why you should always sign first, then encrypt second.


  1. Generally approach is to sign first and encrypt signed content. But both may have flaws (read Don Davis paper "Defective Sign & Encrypt in SMIME, PKCS#7, MOSS, PEM, PGP and XML" at

  2. Or follow the link in the entry. ;)