Cryptography: Securing Digital Signature and Key Pair

Question

I have developed an encryption solution which is based on Hybrid Encryption as:

Sender end:

1. The message hash will be calculated.
2. Hash will be signed with private key of sender.
3. Hash will be encrypted with private key of sender.
4. A symmetric key will be generated.
5. Symmetric key will encrypt the message.
6. Symmetric key will then be encrypted with public key of receiver.

Recevier end:

1. Decryption of Hash with public key of sender.
2. Verification of sign with public key of sender.
3. Decryption of Symmetric key with private key of receiver.
4. Decryption of message with Symmetric key.

Now I want to save the hash in a file, the digital sign in a file, key encryption in file, actual message encrypted in a file and the key pairs.

In what file type shall I save all of these? whether it shall be a CSV, TXT file or something else?

I have to keep the keys secure and the digital signature too..

Please guide!

Answer 1

As for the sender: Steps 1, 2 and 3 are commonly combined into a single signature generation operation. You don't do them separately. The same for step 1 and 2 of the receiver for signature verification (where you are missing the hashing step of the message, by the way).

Modern cryptography is based on bytes, so generally you define a single binary container format so that you don't have to expand the ciphertext (compared to the plaintext) needlessly. Such a container can contain multiple values: encrypted key, and encrypted content that consists of the message and signature. Generally there is also a header containing a version string and an ID of the required keys to name just a few.

Of course many container formats have been defined for the hybrid cryptography that you're currently using, with CMS (with a hierarchical PKI) and (Open)PGP (with a web-of-trust based PKI) being the most well known ones.

Otherwise it is up to you. Generally you'd encode the ciphertext / signatures using base 64 if you require text based storage. Do include a version string somewhere in the header and create a document to describe your protocol.