KeyCzar paper incorrect?

42 views
Skip to first unread message

Maarten Bodewes

unread,
Oct 13, 2015, 4:08:52 PM10/13/15
to Keyczar Discuss
In 6.2 the paper states (in the first and second table):

Header | IV (if any) | Encrypt(M) | Sign(header | IV | M) (if any)

This seems incorrect to me, if I look e.g. at the Java source code it seems encrypt-then-sign is used, not encrypt-and-sign:

      verifyStream.updateVerify(ciphertextChunk);


In other words, I would expect:

Header | IV (if any) | Encrypt(M) | Sign(header | IV | Encrypt(M)) (if any)

Would it be possible to update the paper, or make clear it is deprecated by now?


Steve Weis

unread,
Oct 13, 2015, 4:13:59 PM10/13/15
to Keyczar Discuss
You're right that this is a typo. That paper is very out of date and should probably be removed or revised completely.


--
You received this message because you are subscribed to the Google Groups "Keyczar Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keyczar-discu...@googlegroups.com.
To post to this group, send email to keyczar...@googlegroups.com.
Visit this group at http://groups.google.com/group/keyczar-discuss.
For more options, visit https://groups.google.com/d/optout.

devin lundberg

unread,
Oct 13, 2015, 4:18:27 PM10/13/15
to keyczar...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages