Quoting Ben Laurie <[EMAIL PROTECTED]>: > Yes, but you could know all this from cipher2 and RSA of SHA1(message), > so I still don't see what value is added by cipher1.
Without cipher1, implying (iv1, RSA(SHA1(message) || key1)) it is impossible to determine the originator of the message. Remember, I'm thinking in terms of XML-ENC where cipher1 is represented by <enc:EncryptedData> .. </enc:EncryptedData> and these scoping elements will be encrypted to the cipher2 result which is represented by another <enc:EncryptedData> and friends. Thx, -Matt --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]