Cryptography Reference
In-Depth Information
Diagram 8.3 PGP Authentication and Confidentiality
−−−−−−−−−−−−−−−−−−−→
h
(
m
)
d
A
←−−−−
h
(
m
)
h
m
d
A
(
h
(
m
))
Alice
m
(
d
A
(
h
(
m
))
,
m
)
=
D
A
−−−−→
D
A
−−−−−−−−−−−−→
m
Z
E
✞
✝
✆
Bob
E
k
(
Z
(
D
A
))
←
(
e
B
(
k
)
,
E
k
(
Z
(
D
A
))
←−−−−−−−−−
E
k
(
Z
(
D
A
))
e
B
(
k
)
k
←−−−−
k
e
B
(
k
)
E
k
(
Z
(
D
A
))
e
B
e
A
k
−−−−→
E
−
1
k
Z
−
1
e
B
(
k
)
D
A
=(
d
A
(
h
(
m
))
,
m
)
−−−−→
−−−−→
m
h
h
(
m
)
d
B
h
(
m
)
h
(
m
)
Compare
Compression Analysis
For the purposes of eJcient e-mail transmission and file storage, PGP has a
built-in default mechanism that compresses
m
after signing but before encipher-
ing. As with our description of the pros and cons of the order of enciphering
versus authentication on pages 266 and 267, the order of signing vs. compression
deserves some elucidation.
If Alice were to compress
m
, forming
Z
(
m
), then sign it to form,
d
A
(
Z
(
m
)), it
would be necessary to either store
Z
(
m
) for the purposes of later verification by
Bob, or once Bob obtains
Z
(
m
) via
e
A
, then it would be necessary to form
Z
(
m
)
Search WWH ::
Custom Search