How to: Disable Encryption of Digital Signatures
By default, a message is signed and then encrypted, and the signature itself is also encrypted. This is controlled by creating a custom binding with an instance of the AsymmetricSecurityBindingElement or the SymmetricSecurityBindingElement and setting the MessageProtectionOrder property of either class to a MessageProtectionOrder enumeration value. The default is SignBeforeEncryptAndEncryptSignature. Encrypting the signature consumes up to 30 percent more time than simply signing and encrypting, depending on the overall message size (the smaller the message, the greater the relative performance impact). Disabling encryption of the signature, however, might allow an attacker to guess the content of the message. This is possible because the signature element contains the digest (hash) of the plaintext of every signed part in the message. For example, although the message body is encrypted by default, an unencrypted signature contains the digest of the message body computed before encryption. If the set of possible values for a signed and encrypted part is small, an attacker can hash each candidate value and compare it with the digest carried in the signature to deduce the contents. Encrypting the signature mitigates this attack.
Therefore, disable encryption of the signature only when the value of the content is low or the set of possible content values is large and nondeterministic, and the performance gain is more important than mitigating the attack described above.
If no part of the message is encrypted, the signature element is not encrypted either, even when the AsymmetricSecurityBindingElement.MessageProtectionOrder or SymmetricSecurityBindingElement.MessageProtectionOrder property is set to SignBeforeEncryptAndEncryptSignature. This behavior also applies to system-provided bindings; all system-provided bindings have the message protection order set to SignBeforeEncryptAndEncryptSignature.
To disable encryption of the signature, create a CustomBinding. For more information, see How to: Create a Custom Binding Using the SecurityBindingElement.
Set the AsymmetricSecurityBindingElement.MessageProtectionOrder property to SignBeforeEncrypt, or set the SymmetricSecurityBindingElement.MessageProtectionOrder property to SignBeforeEncrypt.
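The two steps above, carried through as an added example (this is illustrative code, not code from the original page). It derives a CustomBinding from a system-provided WSHttpBinding so that the transport and encoding elements are sensible, locates the security binding element, and sets MessageProtectionOrder to SignBeforeEncrypt on whichever concrete class the binding uses. The helper names (DisableSignatureEncryption, CreateSignBeforeEncryptBinding, GetEffectiveProtectionOrder) are assumptions introduced for the example; the WCF types and members are the real ones. A TransportSecurityBindingElement has no MessageProtectionOrder, so the example rejects bindings that use transport security rather than silently doing nothing.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;

// Added example: builds a binding that signs and encrypts the message but
// leaves the signature element itself unencrypted (SignBeforeEncrypt).
// Use it only where the note above applies: low-value content or a large,
// nondeterministic set of possible values, and a real need for the speedup.
static class DisableSignatureEncryption
{
    // Hypothetical helper name. Returns a CustomBinding whose security element
    // has MessageProtectionOrder set to SignBeforeEncrypt.
    public static CustomBinding CreateSignBeforeEncryptBinding()
    {
        // Message security on WSHttpBinding yields a SymmetricSecurityBindingElement.
        var wsHttp = new WSHttpBinding(SecurityMode.Message);
        wsHttp.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

        // Step 1: create a CustomBinding from the system-provided binding.
        var custom = new CustomBinding(wsHttp);

        // Step 2: find the security element and set the protection order.
        var security = custom.Elements.Find<SecurityBindingElement>();
        if (security == null)
            throw new InvalidOperationException("Binding has no SecurityBindingElement.");

        switch (security)
        {
            case SymmetricSecurityBindingElement sym:
                sym.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
                break;
            case AsymmetricSecurityBindingElement asym:
                asym.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
                break;
            default:
                // TransportSecurityBindingElement (or a custom element) has no
                // message protection order; the setting would be meaningless here.
                throw new InvalidOperationException(
                    "Unsupported security element: " + security.GetType().Name);
        }
        return custom;
    }

    // Hypothetical helper name. Reads the order back so a deployment check can
    // verify that the binding really does what the configuration intends.
    public static MessageProtectionOrder GetEffectiveProtectionOrder(Binding binding)
    {
        var elements = binding.CreateBindingElements();
        var security = elements.Find<SecurityBindingElement>();
        switch (security)
        {
            case SymmetricSecurityBindingElement sym:
                return sym.MessageProtectionOrder;
            case AsymmetricSecurityBindingElement asym:
                return asym.MessageProtectionOrder;
            default:
                throw new InvalidOperationException("Binding does not use message security.");
        }
    }

    static void Main()
    {
        // Compare the default against the modified binding.
        var defaultBinding = new WSHttpBinding(SecurityMode.Message);
        Console.WriteLine("Default:  " + GetEffectiveProtectionOrder(defaultBinding));

        var custom = CreateSignBeforeEncryptBinding();
        Console.WriteLine("Modified: " + GetEffectiveProtectionOrder(custom));
    }
}
```

The same CustomBinding can be passed to a ServiceHost.AddServiceEndpoint or a ChannelFactory on the client side; both ends must use the same protection order or the security header will fail to validate. Checking the effective order with CreateBindingElements, as the second helper does, is worth keeping in a startup test, because the protection order is easy to lose when a binding is rebuilt from configuration.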