Re: Signing and Encryption from Joseph Ashwood on 2001-02-01 (xml-encryption@w3.org from February 2001)

From: Joseph Ashwood <jashwood@arcot.com>
Date: Thu, 1 Feb 2001 13:43:33 -0800
To: <xml-encryption@w3.org>, "Joseph M. Reagle Jr." <reagle@w3.org>
Message-ID: <110001c08c9a$e7542ec0$2a0210ac@livermore>

----- Original Message -----
From: "Joseph M. Reagle Jr." <reagle@w3.org>
> what *must* be encrypted in a Signature when the
> content it signs is also encrypted: the Reference Digests (hashes over
> content being signed: yes), the SignatureValue (hash+key over SignedInfo:
> ?), or both?

Both. In even the most obscure signature algorithms the hash can be verified
by knowing the hash and the public key.
                        Joe

Received on Thursday, 1 February 2001 17:04:23 UTC