Order of sign and encrypt

RegisterResult and RecoverResult may both contain signatures over encrypted
data, however the order of these operations is not explicitly stated in the 

Given the PrivateKey schema fragment, I'm inclined to draw the conclusion 
only encrypt-then-sign is required.  Is this the intention and if so does 
this warrant
a clarifying statement to that effect?


I believe the (un-encrypted) RSAKeyPair is deliberatly omitted from 
PrivateKey so
as to *allow* implementations to mitigate the risk of disclosure of 
sensitive stuff
through, say, the use of special purpose cryptographic hardware that, apart 
from their
primary purpose, also can be programmed to extract the private key 
components from the
surface syntax of an RSAKeyPair element.  I imagine that this design *could* 
stand in the way
of supporting sign-then-encrypt in XKMS  - assuming that 
generating/verifying an enveloped
signature is performed over a schema valid document, which is the only way I 
have explored.


[1] http://www.w3.org/TR/2002/REC-xmlenc-decrypt-20021210

Tired of spam? Get advanced junk mail protection with MSN 8. 

Received on Friday, 9 July 2004 05:34:21 UTC