Thread: I have just been in a discussion with @hanno and others, and think I should set out my thoughts about CBC, authenticated encryption, and signatures. 1/n
First, if you always check your HMACs, auth tags, signatures for correctness and that they are the ones you expect, then you can use either Encrypt-then-MAC, AEAD, or signatures and they will do what you need 2/n