Some questions about writing a program that uses RSA. Let's assume we have 3 participants (Alice, Bob, Carol). The idea is for Bob to send an encrypted and signed message to Alice. Although Bob constructs the message, signs it and encrypts it, it is Carol who can decide some parts of the message. The message is small, 200-400 bytes in length. Some of the contents of the message are always the same (field names) and the message looks much like mail headers: Field1Name: field1contents Field2Name: field2contents Field3Name: field3contents Carol can decide, what goes into the field contents. Now the easiest way would be to sign the message using Bob's private key and encrypt is using Alice's public key. What Carol wants to do is forge similar messages without help from Bob and send the messages to Alice. Let's say that Bob is a bank, Alice a merchant and Carol a buyer. Usually Bob has to take some money from Carols account and after the he signals Alice, that she can give the goods to Carol. Now Carol wants to get the goods without paying and give a false signal to Alice (which Alice thinks is a signal from Bob). Both the public keys of Alice and Bob are well-known. One of the fields will be unique for every message, so that Carol can not use the same message to pay once and recieve the goods many times. The question is easy: how should I sign and encrypt the message? 1) calculate a digest (MD5, SHA) from the message, sign the digest (or should I sign the message contents + digest) with Bob's private key and encrypt it with Alice's public key? 2) is there any idea to generate a DES key, encrypt the message with the DES key, calculate a digest on (enc. message + DES key), sign the digest and encrypt it with Alice's public key? The message is small, so the time it takes to encrypt the message is not so important compared to higher speed of DES. 3) may be it would be good to encrypt the message with Alice's public key, then generate a digest, sign the digest and then once more encrypt the whole thing with Alice's public key? Using a DES session key helps in case someone would find out Alice's private key she uses to decrypt the message, but actually in this case it is not so important to hide the message contents (what is important are message integrity and sender authentication). What are the suggestions what crypto package might I use: RSAref, crypto++, SSLeay or some other? -- Juri Kaljundi jk@stallion.ee