Basic question on digital signature

Posted: Wed Dec 21, 2016 11:07 pm
by Squli
It's me again. I still have a basic question that needs your help. I learned that a digital signature is a mathematical scheme to guarantee message security. Does the Signature do a unique Sign for each transaction? Shall the data be encrypted and decrypted with the same Signature?

Re: Basic question on digital signature

Posted: Thu Dec 22, 2016 1:53 am
by tay00000
Signature algorithms (RSA, ECDSA, DSA) are one thing and Signature Methods (PKCS1 1.5 / OAEP) are another thing. To put it very simplistically, the algorithm is a set of mathematical formulas on how you should create a signature (maths and numbers). A method, on the other hand, exists because every algorithm may have deficiencies or require a standard way to compute the algorithm over a bunch of data. In RSA PKCS1 1.5 view, you will generate a bunch of random bytes and insert them into a PKCS1 1.5 message block with the message or hash of message you wish to seal with your signature, and then you have what is called a digital signature.

So yes, message signing formats like PKCS1 do include random bytes to make each signature seemingly unique. If you are worried about forgery, a reliable and secure real-time clock can be used as part of the signature scheme, where you sign the accurate timestamp (called timestamping) with or as part of your message or hash of message you wish to sign (part or whole, whichever you want).

Whether to encrypt the message signature or not is up to you. If you deem that the signature itself needs secrecy, then why not encrypt it. There is the MAC-Then-Encrypt school of thought and the Encrypt-Then-MAC school of thought. Essentially, you generate a code to ensure integrity of the message (MAC code or digital signatures) then you encrypt them for the MAC-Then-Encrypt school. The Encrypt-Then-MAC school is the reverse, where the MAC code or the digital signature is left in plain sight (plaintext signatures and MAC codes) so that before you waste your time decrypting a possibly tampered message, you can review the MAC code or digital signature to assert the integrity of the ciphertext before actually spending processing resources and time to do the decryption of the ciphertext. Some proponents of the MAC-Then-Encrypt school feel that computing resources are so abundant these days, and most smart card chips and even commercial embedded MCUs come with built-in crypto accelerator hardware, that they do not mind wasting the resource on attempting to decrypt the ciphertext then check the MAC or signature that is encrypted. The MAC-Then-Encrypt scheme is famously used in the GnuPG/OpenPGP scheme for whoever knows what reasons, but for those who feel that they have computing resource to actually utilize and have a necessity to obfuscate or hide their MAC codes or digital signatures to make the life of their attackers harder to forge an encrypted MAC/signature, you may use this scheme to your advantage.
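
An added illustration of the two orderings described in the post above (not part of the original thread or written by its participants): both constructions reject a tampered message, but only Encrypt-Then-MAC does so without running the cipher. The HMAC-based keystream is a stand-in assumed so the example needs only the standard library, and all function names are hypothetical.

```python
import hashlib, hmac, os

NONCE_LEN, TAG_LEN = 16, 32
stats = {"cipher_runs": 0}  # counts how often the cipher is invoked

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (assumption): XOR with HMAC-SHA256(key, nonce || counter).
    Real code would use AES-CTR or ChaCha20 here."""
    stats["cipher_runs"] += 1
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = mac(key, nonce + (i // 32).to_bytes(8, "big"))
        out.extend(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def etm_seal(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    ct = keystream_xor(enc_key, nonce, msg)
    return nonce + ct + mac(mac_key, nonce + ct)  # tag covers the ciphertext, sent in the clear

def etm_open(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated message")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac(mac_key, body)):
        raise ValueError("bad tag: rejected before decryption")
    return keystream_xor(enc_key, body[:NONCE_LEN], body[NONCE_LEN:])

def mte_seal(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + keystream_xor(enc_key, nonce, msg + mac(mac_key, msg))  # tag hidden in ciphertext

def mte_open(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated message")
    plain = keystream_xor(enc_key, blob[:NONCE_LEN], blob[NONCE_LEN:])  # decrypts unverified input
    msg, tag = plain[:-TAG_LEN], plain[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac(mac_key, msg)):
        raise ValueError("bad tag: detected only after decryption")
    return msg

if __name__ == "__main__":
    ek, mk = os.urandom(32), os.urandom(32)  # separate keys for encryption and MAC
    for seal, opener in ((etm_seal, etm_open), (mte_seal, mte_open)):
        blob = bytearray(seal(ek, mk, b"constructed sample message"))
        blob[NONCE_LEN] ^= 1  # flip one ciphertext bit
        before = stats["cipher_runs"]
        try:
            opener(ek, mk, bytes(blob))
        except ValueError as err:
            print(opener.__name__, "->", err, "| cipher runs:", stats["cipher_runs"] - before)
```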

Re: Basic question on digital signature

Posted: Thu Dec 22, 2016 4:37 am
by Squli
Thank you for your thorough answer. So in your opinion, among all the algorithms which algorithm is the securest?

Re: Basic question on digital signature

Posted: Thu Dec 22, 2016 4:41 am
by tay00000
It depends but RSA 2048 and above and ECDSA 256 and above are generally used as baseline.

Re: Basic question on digital signature

Posted: Thu Dec 22, 2016 5:00 am
by Squli
Thanks for your help indeed. You saved my day.