Emphasizing that Hybrid Encryption does not provide authenticity.

Change-Id: Ic7c50eec0c54abe71c77d4ae20079d0b60b7a9f2 ORIGINAL_AUTHOR=Thai Duong <thaidn@google.com> GitOrigin-RevId: 086cb47563ce07c510fc02df4a1fa24f5d4a7d53
author: Thai Duong <thaidn@google.com> 2017-11-13 15:47:56 -0800
committer: Thai Duong <thaidn@google.com> 2017-11-22 16:10:03 -0800
commit: c7530871e02c762b4b64cbf21b9f4b571c702e88 (patch)
tree: bf7ca1033bd2c41d55e46006d8a62b81ca0c71ae /cc/hybrid_decrypt.h
parent: e465c9d5877bff8979c9a07294b8fdcadc90bdaf (diff)
download: tink-c7530871e02c762b4b64cbf21b9f4b571c702e88.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/cc/hybrid_decrypt.h b/cc/hybrid_decrypt.h
index 4022fe176..abd1ac633 100644
--- a/cc/hybrid_decrypt.h
+++ b/cc/hybrid_decrypt.h
@@ -34,6 +34,13 @@ namespace tink {
 // checking the integrity of 'context_info' (but there are no
 // guarantees wrt. to secrecy or authenticity of 'context_info').
 //
+// WARNING: hybrid encryption does not provide authenticity, that is the
+// recipient of an encrypted message does not know the identity of the sender.
+// Similar to general public-key encryption schemes the security goal of
+// hybrid encryption is to provide privacy only. In other words, hybrid
+// encryption is secure if and only if the recipient can accept anonymous
+// messages or can rely on other mechanisms to authenticate the sender.
+//
 // 'context_info' can be empty or null, but to ensure the correct
 // decryption of the ciphertext the same value must be provided
 // as was used during encryption operation (cf. HybridEncrypt-interface).
author	Thai Duong <thaidn@google.com>	2017-11-13 15:47:56 -0800
committer	Thai Duong <thaidn@google.com>	2017-11-22 16:10:03 -0800
commit	c7530871e02c762b4b64cbf21b9f4b571c702e88 (patch)
tree	bf7ca1033bd2c41d55e46006d8a62b81ca0c71ae /cc/hybrid_decrypt.h
parent	e465c9d5877bff8979c9a07294b8fdcadc90bdaf (diff)
download	tink-c7530871e02c762b4b64cbf21b9f4b571c702e88.tar.gz