Does Enrico sign plaintext? Ciphertext? Both? #157
Description
The age-old of encrypt-then-sign or sign-then-encrypt - what forward compatibility do we want to offer?
- Signing the plaintext gives Bob (and "only" Bob? everyman, etc) assurance that the plaintext is from the source he expects.
- Signing the ciphertext allows Bob or Ursula to publicly demonstrate that the source in question generated the payload.
When in the runtime do these signatures occur? Can Enrico pre-sign and store?
Use case example:
Enrico is a book author. He wishes to provide preview snippets for Bob to search as Bob considers purchasing the book. In order to ensure that Bob is receiving snippets from the actual text, they can signed by the same secret ultimately used to sign the book.