Re: Signing and Encryption

----- Original Message -----
From: "Joseph M. Reagle Jr." <reagle@w3.org>
> what *must* be encrypted in a Signature when the
> content it signs is also encrypted: the Reference Digests (hashes over
> content being signed: yes), the SignatureValue (hash+key over SignedInfo:
> ?), or both?

Both. In even the most obscure signature algorithms the hash can be verified
by knowing the hash and the public key.
                        Joe

Received on Thursday, 1 February 2001 17:04:23 UTC