How to: Disable Encryption of Digital Signatures

By default, a message is signed and the signature is digitally encrypted. This is controlled by creating a custom binding with an instance of the AsymmetricSecurityBindingElement or the SymmetricSecurityBindingElement and setting the MessageProtectionOrder property of either class to a MessageProtectionOrder enumeration value. The default is SignBeforeEncryptAndEncryptSignature. This process consumes up to 30 percent more time than simply signing and encrypting based on the overall message size (the smaller the message, the greater the performance impact). Disabling encryption of the signature, however, might allow an attacker to guess the content of the message. This is possible because the signature element contains the hash code of the plain text of every signed part in the message. For example, although the message body is encrypted by default, the unencrypted signature contains the hash code of the message body before the encryption. If the set of possible values for the signed and encrypted part is small, an attacker might be able to deduce the contents by looking at the hash value. Encrypting the signature mitigates this attack vector.

Therefore, disable encryption of the signature only when the value of the content is low or the set of possible content values is large and nondeterministic, and the performance gain is more important than mitigating the attack described above.

1. Create a CustomBinding. For more information, see How to: Create a Custom Binding Using the SecurityBindingElement.

2. Add either an AsymmetricSecurityBindingElement or a SymmetricSecurityBindingElement to the binding collection.

3. Set the AsymmetricSecurityBindingElement.MessageProtectionOrder property to SignBeforeEncrypt, or set the SymmetricSecurityBindingElement.MessageProtectionOrder property to SignBeforeEncrypt.

• Security Capabilities with Custom Bindings