Question: What is the difference between "EncryptAndSign" and first Sign, then Encrypt using the separate methods

[Liam-Rougoor]

Hi!

I've noticed that there is an EncryptAndSign method, which first signs the message and then encrypts it as a whole. Is this different from first using Sign, and then use Encrypt on that output?

I've tried using 'DecryptAndVerify' on a stream that was first signed, then encrypted separately. This gave me the error File was not signed. When I use Decrypt and Verify separately, it does work.

If there are any differences, what are they? Which approach should I use?

Thanks in advance!

[mattosaurus]

Hi,

It's pretty much the same thing however it's more efficient to use the EncryptAndSign method as you can verify the message without having to decrypt it first. I'd suggest doing this if possible.

[Liam-Rougoor]

Thank you for your reply @mattosaurus!

How can the message be verified without decrypting?

From the README:

"Although this method is called EncryptAndSign the signature will actually be included within the encrypted message rather than being appended to the encrypted message. This ensures that the original message was composed by the holder of the private key."

If the signature is included within the encrypted message, doesn't this message need to be decrypted before verification?

[mattosaurus]

Hi, apologies, yes you're right. I'm on holiday at the moment and haven't looked into the code for a while so had forgotten how this method works!

The advantage comes from being able to decrypt and verify the message in a single operation rather than needing to first decrypt it and then verify it in two separate operations.

[Liam-Rougoor]

Hi @mattosaurus , thank you for your reply! I'm still running into some Verify issues, but I'll create a separate issue for that. Enjoy your holiday 😁